SSL
Enabling SSL would ensure that communication between the end user's browser to be server is secure. Please see Setting Up SSL on Tomcat to learn more.
Chinese |
---|
启用SSL将确保最终用户的浏览器与服务器之间的通信是安全的。请参阅 在Tomcat 上设置SSL以了解更多信息。 |
Info |
---|
|
SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. Chinese |
---|
SSL (安全套接字层)是在Web服务器和浏览器之间建立加密链接的标准安全技术。 |
|
Warning |
---|
|
Without the use of SSL between the end client and the server, any data sent between these 2 parties will be susceptible to data sniffing by hackers as the data packets travel from end to end. |
...
Chinese |
---|
如果在最终客户端和服务器之间没有使用SSL,那么在这两方之间发送的任何数据都将容易受到黑客的数据嗅探,因为数据包从一端到另一端。 |
|
Domain Whitelist for API Calls
Refer to API Domain Whitelist in Settings to whitelist domains that are consuming Joget's APIs.
Chinese |
---|
请参阅 “设置中的API域白名单” ,将使用Joget API的域列入白名单。 |
Info |
---|
|
By enabling this option, only servers white listed are able to communicate with the server. Chinese |
---|
通过启用此选项,只有列出的服务器才能与服务器通信。 |
|
Directory User Access Control
Maintaining good password policy management would ensure that user's password is kept safe. Security Enhanced Directory Manager is recommended to be used. The Security Enhanced Directory Manager features enhanced security and control on user management.
Enabling Multi-Factor Authentication using TOTP is also an added strength to it.
Info |
---|
|
By enabling this option, this will increase security of the user's login information. Chinese |
---|
通过启用此选项,这将增加用户登录信息的安全性。 |
|
Warning |
---|
|
Without the use of SSL between the end client and the server, login information will be sent in non-encrypted, clear text to the end server. Chinese |
---|
如果在终端客户端和服务器之间没有使用SSL,则登录信息将以未加密的明文形式发送到终端服务器。 |
|
Process Start White List
Make use of this feature located under Map Participants to Users to limit on who can start a process instance.
Chinese |
---|
利用Map Participants to Users下的此功能 来限制谁可以启动流程实例。 |
Permission Control is used to exert control and manage access to various components in a developed Joget App. There are 4 main components/areas where permission control can be exerted. They are:-
Chinese |
---|
权限控制 用于在开发的Joget应用程序中对各种组件进行控制和管理访问。有4个主要组件/区域可以进行权限控制。他们是:- |
Userview
Userview Category
Form
Form Section
Info |
---|
title | Showing the App in App Center only after user is logged on |
---|
|
The most common practice is to list down apps in the App Center only if the user is logged in. To do so, head to the Userview Properties of your app, and locate Permission Type and set it to Logged In User. Chinese |
---|
最常见的做法是仅在用户登录时在App Center中列出应用程序。为此,请到您的应用程序的“用户视图属性 ”,然后找到“ 权限类型”并将其设置为“ 登录用户”。 |
|
Read more at Permission Control.
Password Encryption
During application design, any sensitive information such as password may be encrypted for security purpose. You may change the key and salt used in a Joget Workflow server to further enhance its security.
Chinese |
---|
在应用程序设计过程中,出于安全目的,任何敏感信息(如密码)均可能被加密 您可以更改Joget Workflow服务器中使用的密钥和salt,以进一步增强其安全性。 |
Warning |
---|
Making changes to the key and salt will render all passwords unusable in an existing server therefore it is only recommended to do during initial server installation. Chinese |
---|
对密钥和salt进行更改将使所有密码在现有服务器中不可用,因此建议在初始服务器安装期间执行。 |
|
Info |
---|
|
In an exported app, any password saved in the application design will be encrypted as well. Hence, when the app is imported into another server, be sure to reconfigure all saved password as servers with different key and salt would render the passwords unusable. Chinese |
---|
在导出的应用程序中,保存在应用程序设计中的任何密码也将被加密。因此,当应用程序导入到另一台服务器时,请确保将所有保存的密码重新配置为具有不同密钥和salt的服务器,否则会导致密码不可用。 |
|
Locate the file customApplicationContext.xml in \apache-tomcat-8.5.14\webapps\jw\WEB-INF\classes and add in line 6-9 as shown below.
Chinese |
---|
在\ apache-tomcat-8.5.14 \ webapps \ jw \ WEB-INF \ classes中 找到customApplicationContext.xml文件 , 并在第6-9行添加,如下所示。 |
Code Block |
---|
language | js |
---|
linenumbers | true |
---|
|
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd">
<bean id="dataEncryption" class="org.joget.apps.workflow.security.SecureDataEncryptionImpl">
<property name="salt" value="NEW-VALUE-GOES-HERE"/>
<property name="key" value="NEW-VALUE-GOES-HERE"/>
</bean>
</beans> |
Replace line 7 and 8 salt and key value to your own one.