| Installation and Setup > Security Best Practices > AppConfig Security |
AppConfig Security
|
Related Topics: ControlScan Partner | Data Encryption | Security Best Practices Security Coding Practices | Using SSL | Web.config authentication |
The AppConfig parameters stores a great deal of sensitive information such as the list of SuperUsers, Gateway account numbers and passwords. Anyone that can login to the Admin site could potentially see this information.
Consequently, each AppConfig parameter may be flagged as SuperUser Only by checking the checkbox on the AppConfig edit page. Only users listed in the AppConfig:Admin_SuperUser parameter will be then able to see and edit SuperUser Only marked AppConfig values. Normal Admin users will not see these values.
SuperUsers have access to all data in the database via the Admin pages. This includes credit card and password information. Be careful particularly in protecting SuperUser login information. Change passwords OFTEN and use strong passwords of at least eight (8) characters combining alphanumeric, numbers, and special character combinations.
Normal Admin users will not be able to view SuperUser data in the Customer pages. Only a SuperUser can edit another SuperUser's data.
System Requirements | Security Best Practices | Support & Upgrade Contracts | Downloads | Contact Us
Copyright © 1995-2006 All rights reserved.