Security Module

View video

Making use of the security modules, you can implement a complete access rules for systems developed by ScriptCase. The process for the security module creation is quick and simple.

Scriptcase has five types of security, they are similar, diverging only in how the permissions are applied.

User Security Type

Under this security type all users have access to all applications. It works only for user authentication. Scriptcase will create one table to store the user and password information and validate the acess using a login screen.

In this security type Scriptcase creates these tables:

• User - Login, Password, Name, E-mail, Active, Activation Code and admin privileges
• Logged users - Login, login date, Session, IP address

The table Logged users will be created only if the option Protect Logged users is checked during the Security Module creation.

Application Security Type

Under this type Scriptcase will also control login and password as the User Security and also create a restricted access control to the applications or system options according to the logged user. It is possible to define which applications is accessible to each user.

In this security type Scriptcase creates these tables:

• User - Login, Password, Name, E-mail, Active, Activation Code and admin privileges
• Application - Code, Description, Application type
• User / Application - Login, Application Name, Access privileges, Insert privileges, Delete privileges, Update privileges, Export privileges, Print privileges
• Logged users - Login, login date, Session, IP address

The table Logged users will be created only if the option Protect Logged users is checked during the Security Module creation.

Group Security Type

This type of security includes the options of User and Application types, however with the Group Security type you will group the users and define the permissions to access the applications or system options according to the groups. One user can belong to one or more groups.

In this security type Scriptcase creates these tables:

• User - Login, Password, Name, E-mail, Active, Activation Code and admin privileges
• Group - Description and ID
• Application - Code, Description, Application type
• User / Group - Login, Group ID
• Group / Application - Group ID, Application name, Access privileges, Insert privileges, Delete privileges, Update privileges, Export privileges, Print privileges
• Logged users - Login, login date, Session, IP address

The table Logged users will be created only if the option Protect Logged users is checked during the Security Module creation.

LDAP Security Type

The Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. You can use this protocol within Scriptcase Security module to authentication users in two ways: (Authentication only, performs only a simple user authentication, similar to User Security Type and the Total Control, where we can define the access by groups, similar to the Group Security Type.

In this security type Scriptcase creates these tables:

• User - Login, Password, Name, E-mail, Active, Activation Code and admin privileges
• Application - Code, Description, Application type
• User / Application - Login, Application Name, Access privileges, Insert privileges, Delete privileges, Update privileges, Export privileges, Print privileges
• Logged users - Login, login date, Session, IP address

The table Logged users will be created only if the option Protect Logged users is checked during the Security Module creation.

See how to create each security type:

User security creation

Security Type

First you should select the security type.

Connection

After the security type definition, you must select the connection that will be used to create the tables that make up the security module.

• Connection - Sets the connection that will be used for the creation of the security tables.
• Use existing tables -Enables you to use pre-existing tables in your database. These tables must have at least the same fields used by Scriptcase security module. We recommend that you use this option if the tables have already been created by Scriptcase Security Module, to minimize errors.
• Create tables - This option creates all necessary security tables inside the selected database.
• Tables prefix - You can set a prefix of the tables that will be created by the Security Module. By default Scriptcase uses the prefix: sec_
• Delete if tables already exist - This option is available only when you select Create Tables. By selecting this option, if your database has tables with the same names, they will be deleted and replaced by new tables created by the Security Module.
• Protect Logged Users - Protection to prevent users to perform simultaneous logins in different sessions.

Tables link

This step is important if the option Use existing tables is selected. In this case, you must associate the fields from the existing tables to fields of security applications (applications generated by the Security Module).

In these cases, the existing database tables must contain a minimum number of fields so that they can be associated to the fields of security applications.

The required tables for each type of security are described at the beginning of this article.

If you have selected the option Create tables, in the previous step the fields will be automatically associated, just click continue.

Settings

In this step we will define the security module settings.

General

User password encryption, the folder where the applications are created, the log module used among other things.

• Applications Prefix - Prefix for the applications that will be created automatically by the Security Module.
• When session expires - Define what will occurs when the session expires.
  • No action - The Scriptcase will allow continuing using the application however, nothing you have done after the session expires will be saved.
  • Redirect to login after the session expiration - Will make the application return to the login after expiring the session.
  • Display a message that the session has expired - Will show a message saying that the session has expired.
• Encryption - Encryption used for to store the password in the table of users.
• Enable Security - Activate the flag Application Security of all project applications.
• Enable Captcha - Activates the captcha for the login application created by the Security Module.
  • No - Does not display the captcha in the login application.
  • Captcha - Uses the built-in scriptcase library for captcha display.
  • reCAPTCHA - Uses Google’s reCAPTCHA V2. To configure click here.
• Folder - Folder name that will be created to store the applications generated by Security Module.
• Theme - Theme that is used for the applications created by the Security Module.
• Log - This option is available if the project has a Log Module previously created. Click here and check out how to create a Log Module
• Menu - This option is only available if your project has a Menu Application previously created. You can associate this existing Menu and include all applications generated by the Security Module to it. If you do not select an existing Menu here, Scriptcase Security Module will create a new Menu Application exclusively for the security applications.
• Menu Type - Security Module menu type (option only available if you do not select and existing menu in the previous item)

Login

Here you can set the type and amount of characters allowed for the username and password fields.

• Minimum size - Minimum amount of characters used by the user.
• Maximum size - Maximum size of the characters used by the user.
• Characters allowed - Define which characters are allowed when creating a password.

Password recovery settings

Defines how password recovery will work in the system created by the Security Module.

These password recovery options works only when the SMTP server is configured properly, please check the Email settings.

• Send the password by e-mail - The system will send the user password directly by email just if the SMTP has been correctly set up and the password is not encrypted.
• Reset password and send new one by email - The system will reset the password automatically and send it to the user by email just if the SMTP has been correctly set up.
• Send a link to e-mail with reset option - The system will send a link by e-mail for the user to access an application and reset the passoword.

New Users

Settings for creating new users in the secutity system.

The options activation by email and send an email to admin work only when the SMTP server is configured properly, access Email settings to set it up.

• System allows new users registration - This option sets the availability of users registration directly in the login system. If this option is not checked, only users with administrative access to the system will be able to insert new users.
• System requires activation by email - This option sets whether the new user will have to perform a validation email to activate the account (This option is available only if the email SMTP is configured)
• System requires the user to send an email to admin - This option sets whether the system administrator will receive an e-mail whenever a new user is created (This option is available only if the email SMTP is configured)

Email settings

This option sets the provider that will be used for sending e-mails from the system.

The information from this example may change according to the SMTP. We are using the Gmail SMTP for this example..

• SMTP Server - Must enter the SMTP server address.
• SMTP Port - Enter the SMTP server port. This information must comply with the secure connection option. Use 465 for SSL, 587 for TLS or 25 for unsafe connection. If you do not inform the port Scriptcase will apply a defauld one: 25.
• Secure Connection - Use SSL or TSL, or leave it blank for unsecure connection.
• SMTP User - Enter the SMTP User information.
• SMTP Password - Enter the SMTP password information.
• SMTP E-mail - Enter the SMTP outgoing email.

Logged Users

Defines the system behavior for login protection.

This option is available if you have checked Protect logged users during the connection step.

• Display logged users - If you check this option Scriptcase will also create with the Security Module a Grid Application to display a report with all users current logged on the system
• Brute Force Attack Protection - Enables/disables the blocking of users after some unsuccessful access attempts.
• Brute Force lockout time (in Minutes) - Time, in minutes, that the user will remain inaccessible after several unsuccessful access attempts. (Available only when rute Force Attack Protection is enabled)
• Numbers of attempts before lock - Number of failed access attempts, until the protection is enabled. (Available only when enable protection for brute force attacks)

Enter the first record

This option insert the first user inside the security tables. This user will have full administrator permissions in order to manage the security system and add new users.

• Login - This option sets the system administrator user.
• Password - This option sets the system administrator passwrod.
• Name - This option sets the system administrator name.
• E-mail - This option sets the system administrator user E-mail.
• Group - This option sets the group name that will receive the administrator privileges and that the registed user will be part.

The group option, is available only for Group Security, in the remaining modules this option will not be displayed.

Add applications

This option add the applications already created in the project to the Security Module applications’ table.

Save profile

Using this option you will save all settings during the Security Module creation. The same profile can be used later for other projects.

• Save Profile - Allows you to save a profile with all the current security module settings.
• Name - Profile name
• Target - This option sets who will have access to the saved profile in the future.
  • Public - Your security profile will be available in all projects from your Scriptcase.
  • Project - Your security profile will be available only in the project in which it was created.
  • User - Your security profile will be available only to the logged user.

Using a saved security profile

The saved profiles can be selected at the beginning of a new Security Module creation, before you choose the security type.

Application security creation

Security Type

First you should select the security type.

Connection

After the security type definition, you must select the connection that will be used to create the tables that make up the security module.

• Connection - Sets the connection that will be used for the creation of the security tables.
• Use existing tables -Enables you to use pre-existing tables in your database. These tables must have at least the same fields used by Scriptcase security module. We recommend that you use this option if the tables have already been created by Scriptcase Security Module, to minimize errors.
• Create tables - This option creates all necessary security tables inside the selected database.
• Tables prefix - You can set a prefix of the tables that will be created by the Security Module. By default Scriptcase uses the prefix: sec_
• Delete if tables already exist - This option is available only when you select Create Tables. By selecting this option, if your database has tables with the same names, they will be deleted and replaced by new tables created by the Security Module.
• Protect Logged Users - Protection to prevent users to perform simultaneous logins in different sessions.

Tables link

This step is important if the option Use existing tables is selected. In this case, you must associate the fields from the existing tables to fields of security applications (applications generated by the Security Module).

In these cases, the existing database tables must contain a minimum number of fields so that they can be associated to the fields of security applications.

The required tables for each type of security are described at the beginning of this article.

If you have selected the option Create tables, in the previous step the fields will be automatically associated, just click continue.

Settings

In this step we will define the security module settings.

General

User password encryption, the folder where the applications are created, the log module used among other things.

• Applications Prefix - Prefix for the applications that will be created automatically by the Security Module.
• When session expires - Define what will occurs when the session expires.
  • No action - The Scriptcase will allow continuing using the application however, nothing you have done after the session expires will be saved.
  • Redirect to login after the session expiration - Will make the application return to the login after expiring the session.
  • Display a message that the session has expired - Will show a message saying that the session has expired.
• Encryption - Encryption used for to store the password in the table of users.
• Enable Security - Activate the flag Application Security of all project applications.
• Enable Captcha - Activates the captcha for the login application created by the Security Module.
  • No - Does not display the captcha in the login application.
  • Captcha - Uses the built-in scriptcase library for captcha display.
  • reCAPTCHA - Uses Google’s reCAPTCHA V2. To configure click here.
• Folder - Folder name that will be created to store the applications generated by Security Module.
• Theme - Theme that is used for the applications created by the Security Module.
• Log - This option is available if the project has a Log Module previously created. Click here and check out how to create a Log Module
• Menu - This option is only available if your project has a Menu Application previously created. You can associate this existing Menu and include all applications generated by the Security Module to it. If you do not select an existing Menu here, Scriptcase Security Module will create a new Menu Application exclusively for the security applications.
• Menu Type - Security Module menu type (option only available if you do not select and existing menu in the previous item)

Login

Here you can set the type and amount of characters allowed for the username and password fields.

• Minimum size - Minimum amount of characters used by the user.
• Maximum size - Maximum size of the characters used by the user.
• Characters allowed - Define which characters are allowed when creating a password.

Password recovery settings

Defines how password recovery will work in the system created by the Security Module.

These password recovery options works only when the SMTP server is configured properly, please check the Email settings.

• Send the password by e-mail - The system will send the user password directly by email just if the SMTP has been correctly set up and the password is not encrypted.
• Reset password and send new one by email - The system will reset the password automatically and send it to the user by email just if the SMTP has been correctly set up.
• Send a link to e-mail with reset option - The system will send a link by e-mail for the user to access an application and reset the passoword.

New Users

Settings for creating new users in the secutity system.

The options activation by email and send an email to admin work only when the SMTP server is configured properly, access Email settings to set it up.

• System allows new users registration - This option sets the availability of users registration directly in the login system. If this option is not checked, only users with administrative access to the system will be able to insert new users.
• System requires activation by email - This option sets whether the new user will have to perform a validation email to activate the account (This option is available only if the email SMTP is configured)
• System requires the user to send an email to admin - This option sets whether the system administrator will receive an e-mail whenever a new user is created (This option is available only if the email SMTP is configured)

Email settings

This option sets the provider that will be used for sending e-mails from the system.

The information from this example may change according to the SMTP. We are using the Gmail SMTP for this example..

• SMTP Server - Must enter the SMTP server address.
• SMTP Port - Enter the SMTP server port. This information must comply with the secure connection option. Use 465 for SSL, 587 for TLS or 25 for unsafe connection. If you do not inform the port Scriptcase will apply a defauld one: 25.
• Secure Connection - Use SSL or TSL, or leave it blank for unsecure connection.
• SMTP User - Enter the SMTP User information.
• SMTP Password - Enter the SMTP password information.
• SMTP E-mail - Enter the SMTP outgoing email.

Logged Users

Defines the system behavior for login protection.

This option is available if you have checked Protect logged users during the connection step.

• Display logged users - If you check this option Scriptcase will also create with the Security Module a Grid Application to display a report with all users current logged on the system
• Brute Force Attack Protection - Enables/disables the blocking of users after some unsuccessful access attempts.
• Brute Force lockout time (in Minutes) - Time, in minutes, that the user will remain inaccessible after several unsuccessful access attempts. (Available only when rute Force Attack Protection is enabled)
• Numbers of attempts before lock - Number of failed access attempts, until the protection is enabled. (Available only when enable protection for brute force attacks)

Enter the first record

This option insert the first user inside the security tables. This user will have full administrator permissions in order to manage the security system and add new users.

• Login - This option sets the system administrator user.
• Password - This option sets the system administrator passwrod.
• Name - This option sets the system administrator name.
• E-mail - This option sets the system administrator user E-mail.
• Group - This option sets the group name that will receive the administrator privileges and that the registed user will be part.

The group option, is available only for Group Security, in the remaining modules this option will not be displayed.

Add applications

This option add the applications already created in the project to the Security Module applications’ table.

Save profile

Using this option you will save all settings during the Security Module creation. The same profile can be used later for other projects.

• Save Profile - Allows you to save a profile with all the current security module settings.
• Name - Profile name
• Target - This option sets who will have access to the saved profile in the future.
  • Public - Your security profile will be available in all projects from your Scriptcase.
  • Project - Your security profile will be available only in the project in which it was created.
  • User - Your security profile will be available only to the logged user.

Using a saved security profile

The saved profiles can be selected at the beginning of a new Security Module creation, before you choose the security type.

Group security creation

Security Type

First you should select the security type.

Connection

After the security type definition, you must select the connection that will be used to create the tables that make up the security module.

• Connection - Sets the connection that will be used for the creation of the security tables.
• Use existing tables -Enables you to use pre-existing tables in your database. These tables must have at least the same fields used by Scriptcase security module. We recommend that you use this option if the tables have already been created by Scriptcase Security Module, to minimize errors.
• Create tables - This option creates all necessary security tables inside the selected database.
• Tables prefix - You can set a prefix of the tables that will be created by the Security Module. By default Scriptcase uses the prefix: sec_
• Delete if tables already exist - This option is available only when you select Create Tables. By selecting this option, if your database has tables with the same names, they will be deleted and replaced by new tables created by the Security Module.
• Protect Logged Users - Protection to prevent users to perform simultaneous logins in different sessions.

Tables link

This step is important if the option Use existing tables is selected. In this case, you must associate the fields from the existing tables to fields of security applications (applications generated by the Security Module).

In these cases, the existing database tables must contain a minimum number of fields so that they can be associated to the fields of security applications.

The required tables for each type of security are described at the beginning of this article.

If you have selected the option Create tables, in the previous step the fields will be automatically associated, just click continue.

Settings

In this step we will define the security module settings.

General

User password encryption, the folder where the applications are created, the log module used among other things.

• Applications Prefix - Prefix for the applications that will be created automatically by the Security Module.
• When session expires - Define what will occurs when the session expires.
  • No action - The Scriptcase will allow continuing using the application however, nothing you have done after the session expires will be saved.
  • Redirect to login after the session expiration - Will make the application return to the login after expiring the session.
  • Display a message that the session has expired - Will show a message saying that the session has expired.
• Encryption - Encryption used for to store the password in the table of users.
• Enable Security - Activate the flag Application Security of all project applications.
• Enable Captcha - Activates the captcha for the login application created by the Security Module.
  • No - Does not display the captcha in the login application.
  • Captcha - Uses the built-in scriptcase library for captcha display.
  • reCAPTCHA - Uses Google’s reCAPTCHA V2. To configure click here.
• Folder - Folder name that will be created to store the applications generated by Security Module.
• Theme - Theme that is used for the applications created by the Security Module.
• Log - This option is available if the project has a Log Module previously created. Click here and check out how to create a Log Module
• Menu - This option is only available if your project has a Menu Application previously created. You can associate this existing Menu and include all applications generated by the Security Module to it. If you do not select an existing Menu here, Scriptcase Security Module will create a new Menu Application exclusively for the security applications.
• Menu Type - Security Module menu type (option only available if you do not select and existing menu in the previous item)

Login

Here you can set the type and amount of characters allowed for the username and password fields.

• Minimum size - Minimum amount of characters used by the user.
• Maximum size - Maximum size of the characters used by the user.
• Characters allowed - Define which characters are allowed when creating a password.

Password recovery settings

Defines how password recovery will work in the system created by the Security Module.

These password recovery options works only when the SMTP server is configured properly, please check the Email settings.

• Send the password by e-mail - The system will send the user password directly by email just if the SMTP has been correctly set up and the password is not encrypted.
• Reset password and send new one by email - The system will reset the password automatically and send it to the user by email just if the SMTP has been correctly set up.
• Send a link to e-mail with reset option - The system will send a link by e-mail for the user to access an application and reset the passoword.

New Users

Settings for creating new users in the secutity system.

The options activation by email and send an email to admin work only when the SMTP server is configured properly, access Email settings to set it up.

• System allows new users registration - This option sets the availability of users registration directly in the login system. If this option is not checked, only users with administrative access to the system will be able to insert new users.
• System requires activation by email - This option sets whether the new user will have to perform a validation email to activate the account (This option is available only if the email SMTP is configured)
• System requires the user to send an email to admin - This option sets whether the system administrator will receive an e-mail whenever a new user is created (This option is available only if the email SMTP is configured)

Email settings

This option sets the provider that will be used for sending e-mails from the system.

The information from this example may change according to the SMTP. We are using the Gmail SMTP for this example..

• SMTP Server - Must enter the SMTP server address.
• SMTP Port - Enter the SMTP server port. This information must comply with the secure connection option. Use 465 for SSL, 587 for TLS or 25 for unsafe connection. If you do not inform the port Scriptcase will apply a defauld one: 25.
• Secure Connection - Use SSL or TSL, or leave it blank for unsecure connection.
• SMTP User - Enter the SMTP User information.
• SMTP Password - Enter the SMTP password information.
• SMTP E-mail - Enter the SMTP outgoing email.

Logged Users

Defines the system behavior for login protection.

This option is available if you have checked Protect logged users during the connection step.

• Display logged users - If you check this option Scriptcase will also create with the Security Module a Grid Application to display a report with all users current logged on the system
• Brute Force Attack Protection - Enables/disables the blocking of users after some unsuccessful access attempts.
• Brute Force lockout time (in Minutes) - Time, in minutes, that the user will remain inaccessible after several unsuccessful access attempts. (Available only when rute Force Attack Protection is enabled)
• Numbers of attempts before lock - Number of failed access attempts, until the protection is enabled. (Available only when enable protection for brute force attacks)

Enter the first record

This option insert the first user inside the security tables. This user will have full administrator permissions in order to manage the security system and add new users.

• Login - This option sets the system administrator user.
• Password - This option sets the system administrator passwrod.
• Name - This option sets the system administrator name.
• E-mail - This option sets the system administrator user E-mail.
• Group - This option sets the group name that will receive the administrator privileges and that the registed user will be part.

The group option, is available only for Group Security, in the remaining modules this option will not be displayed.

Add applications

This option add the applications already created in the project to the Security Module applications’ table.

Save profile

Using this option you will save all settings during the Security Module creation. The same profile can be used later for other projects.

• Save Profile - Allows you to save a profile with all the current security module settings.
• Name - Profile name
• Target - This option sets who will have access to the saved profile in the future.
  • Public - Your security profile will be available in all projects from your Scriptcase.
  • Project - Your security profile will be available only in the project in which it was created.
  • User - Your security profile will be available only to the logged user.

Using a saved security profile

The saved profiles can be selected at the beginning of a new Security Module creation, before you choose the security type.

LDAP Creation - Authentication Only

Security type

First you should select the security type.

Connection

After the security type, you will have to select the connection where you want to store the security module tables.

Settings

In this step, you will define the general security module settings.

General

• Applications Prefix - Prefix for the applications that will be created automatically by the Security Module.
• Encryption - Encryption used for to store the password in the table of users.
• Enable Security - Activate the flag Application Security of all project applications.
• Enable Captcha - Activates the captcha for the login application created by the Security Module.
• Folder - Folder name that will be created to store the applications generated by Security Module.
• Theme - Theme that is used for the applications created by the Security Module.
• Log - This option is available if the project has a Log Module previously created. Click here and check out how to create a Log Module
• Menu - This option is only available if your project has a Menu Application previously created. You can associate this existing Menu and include all applications generated by the Security Module to it. If you do not select an existing Menu here, Scriptcase Security Module will create a new Menu Application exclusively for the security applications.
• Menu Type - Security Module menu type (option only available if you do not select and existing menu in the previous item)

Login

Here you can set the type and amount of characters allowed for the username and password fields.

• Minimum size - Minimum amount of characters used by the user.
• Maximum size - Maximum size of the characters used by the user.
• Characters allowed - Define which characters are allowed when creating a password.

LDAP

Under this option, you have to inform correctly your LDAP server settings.

• Server - Enter here the LDAP server IP.
• DN - Enter the input attributes.
• Port - Enter here the port for access to the server. Default port is 389.
• Sufix - Enter the user suffix.

Enter the first record

This option insert the first user inside the security tables. This user will have full administrator permissions in order to manage the security system and add new users.

• Login - This option sets the system administrator user.
• Password - This option sets the system administrator password.
• Name - This option sets the system administrator name.
• E-mail - This option sets the system administrator user E-mail.

Save profile

Using this option, you will save all settings during the Security Module creation. The same profile can be used later for other projects.

Save Profile

• Save Profile - Allows you to save a profile with all the current security module settings.
• Name - Profile name
• Target - This option sets who will have access to the saved profile in the future.
  • Public - Your security profile will be available in all projects from your Scriptcase.
  • Project - Your security profile will be available only in the project in which it was created.
  • User - Your security profile will be available only to the logged user.

Using a saved security profile

The saved profiles can be selected at the beginning of a new Security Module creation, before you choose the security type.

LDAP Creation - Total control

Security type

First you should select the security type.

Connection

After the security type, you will have to select the connection where you want to store the security module tables.

• Connection - Sets the connection that will be used for the creation of the security tables.
• Use existing tables -Enables you to use pre-existing tables in your database. These tables must have at least the same fields used by Scriptcase security module. We recommend that you use this option if the tables have already been created by Scriptcase Security Module, to minimize errors.
• Create tables - This option creates all necessary security tables inside the selected database.
• Tables prefix - You can set a prefix of the tables that will be created by the Security Module. By default, Scriptcase uses the prefix: sec_
• Delete if tables already exist - This option is available only when you select Create Tables. By selecting this option, if your database has tables with the same names, they will be deleted and replaced by new tables created by the Security Module.
• Protect Logged Users - Protection to prevent users to perform simultaneous logins in different sessions.

Tables link

This step is important if the option Use existing tables is selected. In this case, you must associate the fields from the existing tables to fields of security applications (applications generated by the Security Module).

In these cases, the existing database tables must contain a minimum number of fields so that they can be associated to the fields of security applications.

The required tables for each type of security are described at the beginning of this article.

If you have selected the option Create tables, in the previous step the fields will be automatically associated, just click continue.

Settings

In this step we will define the security module settings.

General

User password encryption, the folder where the applications are created, the log module used among other things.

• Applications Prefix - Prefix for the applications that will be created automatically by the Security Module.
• Encryption - Encryption used for to store the password in the table of users.
• Enable Security - Activate the flag Application Security of all project applications.
• Enable Captcha - Activates the captcha for the login application created by the Security Module.
• Folder - Folder name that will be created to store the applications generated by Security Module.
• Theme - Theme that is used for the applications created by the Security Module.
• Log - This option is available if the project has a Log Module previously created. Click here and check out how to create a Log Module
• Menu - This option is only available if your project has a Menu Application previously created. You can associate this existing Menu and include all applications generated by the Security Module to it. If you do not select an existing Menu here, Scriptcase Security Module will create a new Menu Application exclusively for the security applications.
• Menu Type - Security Module menu type (option only available if you do not select and existing menu in the previous item)

Login

Here you can set the type and amount of characters allowed for the username and password fields.

• Minimum size - Minimum amount of characters used by the user.
• Maximum size - Maximum size of the characters used by the user.
• Characters allowed - Define which characters are allowed when creating a password.

Email settings

This option sets the provider that will be used for sending e-mails from the system.

The information from this example may change according to the SMTP. We are using the Gmail SMTP for this example.

• SMTP Server - Must enter the SMTP server address.
• SMTP Port - Enter the SMTP server port. This information must comply with the secure connection option. Use 465 for SSL, 587 for TLS or 25 for unsafe connection. If you do not inform the port Scriptcase will apply a default one: 25.
• Secure Connection - Use SSL or TSL, or leave it blank for unsecure connection.
• SMTP User - Enter the SMTP User information.
• SMTP Password - Enter the SMTP password information.
• SMTP E-mail - Enter the SMTP outgoing email.

LDAP

Under this option, you have to inform correctly your LDAP server settings.

• Server - Enter here the LDAP server IP.
• DN - Enter the input attributes.
• Port - Enter here the port for access to the server. Default port is 389.
• Sufix - Enter the user suffix.

Logged Users

Defines the system behavior for login protection.

This option is available if you have checked Protect logged users during the connection step.

• Display logged users - If you check this option Scriptcase will also create with the Security Module a Grid Application to display a report with all user’s current logged on the system
• Brute Force Attack Protection - Enables/disables the blocking of users after some unsuccessful access attempts.
• Brute Force lockout time (in Minutes) - Time, in minutes, that the user will remain inaccessible after several unsuccessful access attempts. (Available only when brute Force Attack Protection is enabled)
• Numbers of attempts before lock - Number of failed access attempts, until the protection is enabled. (Available only when enable protection for brute force attacks)

Registering the admin user

In this step, you must inform a user to connect to the LDAP server. The informed user will have full administrator permissions on the system where you are applying the Security Module.

• Login - This option sets the system LDAP administrator user.
• Password - This option sets the system LDAP administrator LDAP password.
• Name - This option sets the system LDAP administrator name.
• E-mail - This option sets the system LDAP administrator E-mail.

Add applications

This option adds the applications already created in the project to the Security Module applications’ table.

Save profile

Using this option, you will save all settings during the Security Module creation. The same profile can be used later for other projects.

• Save Profile - Allows you to save a profile with all the current security module settings.
• Name - Profile name
• Target - This option sets who will have access to the saved profile in the future.
  • Public - Your security profile will be available in all projects from your Scriptcase.
  • Project - Your security profile will be available only in the project in which it was created.
  • User - Your security profile will be available only to the logged user.

Using a saved security profile

The saved profiles can be selected at the beginning of a new Security Module creation, before you choose the security type.

reCAPTCHA

ReCAPTCHA is a tool used through the API provided by Google for sending     forms adding security at the time of form confirmation     (preventing automation for submission).

• reCAPTCHA sample:

  

First we have to request an API Key to activate reCAPTCHA in the Scriptcase application by following the steps below:

• To get a Site key and Secret Key go to the link: https://www.google.com/recaptcha/admin#list. The page below will be showed:

  

  • Label: Project name which will be created to contains the reCAPTCHA keys.
  • Choose the type of reCaptcha : We need to choose the option reCAPTCHA V2.
  • Domains: We can insert any domains (on per line ) to limit the API uses.

  After that, we need to accept the Terms of Service ( “Accept the reCAPTCHA Terms of Service” ).

  When click in Register the page will be reloaded showing the integration reCAPTCHA informations. In this screen we can get the Site Key and Secret Key:

  

Now, we can setting the reCAPTCHA keys on security module:

• Site Key: Key generated by google after reCAPTCHA project creation.
• Secret Key: Key generated by google after reCAPTCHA project creation.