The following series of options in the Security section allow you to either enhance or reduce the security of your Issuetrak site. It is important to note that some of these enhancements may reduce the functionality of the browser, causing potential inconveniences to your users. Additionally, two of these options will result in reduced security and should only be enabled with care.
Want to find out about security as it relates to the deployment of Issuetrak? Read the Security in Issuetrak article instead.
Steps:
To change your system's security options:
- Click the gear icon in the upper right > click on Security beneath System.
- Make the desired selections and then click the Update button.
Define Site Security
Protect this site from Cross-Site Request Forgery (CSRF) attacks
This setting adds a defence against Cross-Site Request Forgery, an attack in which a malicious page or message causes a logged-in user's browser to send requests that the user never intended, letting an attacker read sensitive information or execute actions with that user's privileges. Issuetrak implements it with the Synchronizer Token Pattern: links into the site must carry a system-generated token tied to the current session, and a link arriving without a valid token is refused. This option comes with a number of potential inconveniences to your users, including additional steps needing to be taken to perform certain behaviors:
- Users will not be able to access any shortcut or direct link to a specific page within your Issuetrak site (such as an Issue record, Project record, KB Article, Report, etc.) that is not specifically embedded with a system-generated Synchronizer Token Pattern.
- Users will not be able to access any shortcut or direct link to a specific page within your Issuetrak website that has been copied and pasted directly from a browser's address bar into any other location inside or outside of Issuetrak (such as into another Issue record, Project record, KB Article, personal email message, desktop shortcut, etc.).
- Users will be required to generate a Safe URL using the (Create Safe URL) function found in the top bar of your Issuetrak interface each time they need to paste a link to a specific page within Issuetrak into any other location inside or outside of Issuetrak.
- This significantly lengthens the general URL displayed in a browser's address bar for every individual page within your Issuetrak site.
- This significantly increases the number of characters involved in a Safe link to specific pages within your Issuetrak site which may potentially exceed the amount of available space or maximum character limit allowed in certain locations inside or outside of Issuetrak.
- For more details on this type of attack, please see the OWASP's Cross Site Request Forgery (CSRF) page.
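The behaviour the list above describes (a bare link or a link copied from someone else's address bar is refused, while a link generated in your own session works) is the Synchronizer Token Pattern applied to URLs. The following is an added illustration of that pattern, not Issuetrak's own code: the parameter name `__token`, the host `issuetrak.example` and the page path are assumptions, and Issuetrak's real token format is not described on this page.

```python
import hmac
import secrets
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed query-parameter name for the token; Issuetrak's real parameter
# name is not given on this page.
TOKEN_PARAM = "__token"


def new_session_token() -> str:
    """Issue a fresh, unguessable token. The server keeps it in the user's
    session; it is never derived from anything an attacker can read."""
    return secrets.token_urlsafe(32)


def make_safe_url(url: str, session_token: str) -> str:
    """Embed the current session's token in a URL (the 'Create Safe URL' idea).
    Any token already present, e.g. from an older session, is replaced."""
    parts = urlsplit(url)
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if k != TOKEN_PARAM]
    query.append((TOKEN_PARAM, session_token))
    return urlunsplit((parts.scheme, parts.netloc, parts.path,
                       urlencode(query), parts.fragment))


def is_request_allowed(url: str, session_token: str) -> bool:
    """Server-side check: honour the request only if the URL carries the
    token belonging to the session that sent it. A link with no token, or
    with a token minted for some other session, is refused even though the
    browser presented a perfectly valid session cookie."""
    supplied = dict(parse_qsl(urlsplit(url).query,
                              keep_blank_values=True)).get(TOKEN_PARAM)
    if supplied is None:
        return False
    # constant-time comparison: timing must not reveal how much matched
    return hmac.compare_digest(supplied, session_token)


if __name__ == "__main__":
    # Constructed demo: Alice's session versus a link built in another session
    alice = new_session_token()
    bob = new_session_token()
    plain = "https://issuetrak.example/Issues/View.aspx?IssueNbr=1234"  # hypothetical path
    print(is_request_allowed(make_safe_url(plain, alice), alice))   # Alice's own Safe URL: allowed
    print(is_request_allowed(plain, alice))                         # bare shortcut: refused
    print(is_request_allowed(make_safe_url(plain, bob), alice))     # pasted from Bob's address bar: refused
    print(len(make_safe_url(plain, alice)) - len(plain))            # extra characters per link
```

The last line shows the cost the page warns about: every Safe URL grows by the token length plus the parameter name, which is why pasted links can exceed field limits elsewhere.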
Prevent Log In screen from displaying when users log out
When toggled on, Issuetrak displays a screen offering users a "Log in again" button when they log out, rather than returning them straight to the login form. When toggled off, Issuetrak displays the site's login screen when a user logs out.
Restrict uploads of high-risk file types to enhance security (e.g. .exe, .bat, etc.)
When toggled on, Issuetrak refuses certain file types as attachments. This applies to every attachment area on the site, not just attachments to issues.
The blacklist covers executable and script formats that can carry malware not only for Windows machines but also for macOS and Linux (for example .sh).
When this feature is enabled, the following file types / extensions will be blocked* from being attached from any of the attachment areas:
- .EXE
- .DLL
- .COM
- .MSI
- .PS1
- .PSM1
- .BAT
- .SH
- .JS
- .VBS
- .CMD
* Some caveats apply to this functionality:
- The file blocking feature evaluates the content of files as well as their extensions, so a blocked type may still be caught after its extension has been changed.
- Empty files are never blocked, regardless of file extension.
- A non-empty file is blocked if either its extension or its detected type is on the blacklist.
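To make the three caveats concrete, here is an added example of an upload filter that behaves the way they describe; it is not Issuetrak's code. The extension list is the one printed above, while the content checks (the `MZ` header of Windows executables and the `#!` shebang of Unix scripts) are well-known signatures chosen for illustration and are an assumption about what "evaluates the content" might look like, not Issuetrak's internal detection logic.

```python
import os
from typing import Optional, Tuple

# The extension blacklist from this page, compared case-insensitively.
BLOCKED_EXTENSIONS = {
    ".exe", ".dll", ".com", ".msi", ".ps1", ".psm1",
    ".bat", ".sh", ".js", ".vbs", ".cmd",
}


def detect_blocked_content(data: bytes) -> Optional[str]:
    """Content-based detection. These signatures are an assumption for this
    example (common magic bytes); Issuetrak's real checks are not published."""
    if data.startswith(b"MZ"):
        # DOS/PE header shared by Windows .exe and .dll files
        return "PE executable"
    if data.startswith(b"#!"):
        # shebang line, e.g. '#!/bin/sh', on Linux and macOS
        return "shebang script"
    # Note: .msi shares the OLE compound-file header with legacy Office
    # documents, so a content rule for it needs deeper parsing than this.
    return None


def check_upload(filename: str, data: bytes) -> Tuple[bool, str]:
    """Return (allowed, reason), following the caveats on this page:
    empty files pass regardless of name; otherwise a blacklisted extension
    OR blacklisted content is enough to refuse the file."""
    if len(data) == 0:
        return True, "empty file: not evaluated"
    ext = os.path.splitext(filename)[1].lower()  # 'report.pdf.exe' -> '.exe'
    if ext in BLOCKED_EXTENSIONS:
        return False, f"blocked extension {ext}"
    reason = detect_blocked_content(data)
    if reason is not None:
        return False, f"blocked content: {reason}"
    return True, "allowed"


if __name__ == "__main__":
    # Constructed sample uploads (byte strings are made up for the demo)
    samples = [
        ("Setup.EXE", b"MZ\x90\x00" + b"\x00" * 60),      # blocked: extension
        ("setup.txt", b"MZ\x90\x00" + b"\x00" * 60),      # blocked: renamed executable
        ("report.pdf.exe", b"%PDF-1.4\n"),                # blocked: last extension wins
        ("run.txt", b"#!/bin/sh\nrm -rf /tmp/x\n"),        # blocked: shebang content
        ("deploy.sh", b""),                               # allowed: empty file
        ("notes.txt", b"meeting notes\n"),                # allowed
    ]
    for name, data in samples:
        print(name, check_upload(name, data))
```

The renamed-executable and double-extension cases are the ones a practitioner should test after enabling the option; the empty-file case is the gap the page itself calls out.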
The following options reduce site security
Allow more than one person to be logged in with a single end-user account at the same time
This setting will allow multiple users or browsers to log in using the same end-user account. Agent accounts cannot be made to allow multiple simultaneous logins.
Use cookies to remember User IDs on the login page
When enabled, Issuetrak stores the User ID in a cookie on the local machine so that users do not have to type it every time they visit your Issuetrak site. This is a convenience feature; the trade-off is that anyone who uses that machine, or can read its cookies, learns a valid User ID for your site, which is why it is listed among the options that reduce security.
Actions
Close All Sessions
This button ends every active session on the site: all users are sent to the login screen and must re-authenticate.
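The single-login rule for agents, the optional multiple-login allowance for end users, and the Close All Sessions action are three behaviours of one session store. The following added example shows one way such a store can implement them; it is an illustration, not Issuetrak's implementation. The class and method names, the epoch counter used to revoke everything at once, and the sample accounts are all assumptions made for this example.

```python
import secrets
from dataclasses import dataclass
from typing import Dict, Tuple


@dataclass(frozen=True)
class Account:
    user_id: str
    is_agent: bool  # agents never get concurrent sessions, per the page


class SessionManager:
    """Hypothetical in-memory session store illustrating the page's rules."""

    def __init__(self, allow_multiple_end_user_logins: bool = False):
        self.allow_multiple_end_user_logins = allow_multiple_end_user_logins
        # Bumping the epoch invalidates every session issued before the bump,
        # which is how 'Close All Sessions' works here without a scan.
        self._epoch = 0
        self._sessions: Dict[str, Tuple[str, int]] = {}  # sid -> (user_id, epoch)

    def login(self, account: Account) -> str:
        """Create a session; revoke the account's other sessions unless the
        account is an end user and multiple logins are allowed."""
        single_session_only = account.is_agent or not self.allow_multiple_end_user_logins
        if single_session_only:
            for sid, (uid, _) in list(self._sessions.items()):
                if uid == account.user_id:
                    del self._sessions[sid]
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = (account.user_id, self._epoch)
        return sid

    def is_valid(self, sid: str) -> bool:
        entry = self._sessions.get(sid)
        return entry is not None and entry[1] == self._epoch

    def close_all_sessions(self) -> None:
        """Force every user back to the login screen."""
        self._epoch += 1
        # Entries from older epochs fail is_valid(); drop them to free memory.
        self._sessions = {sid: e for sid, e in self._sessions.items() if e[1] == self._epoch}


if __name__ == "__main__":
    # Constructed demo accounts
    end_user = Account("jsmith", is_agent=False)
    agent = Account("admin", is_agent=True)
    store = SessionManager(allow_multiple_end_user_logins=True)
    s1, s2 = store.login(end_user), store.login(end_user)
    a1, a2 = store.login(agent), store.login(agent)
    print(store.is_valid(s1), store.is_valid(s2))  # end user keeps both sessions
    print(store.is_valid(a1), store.is_valid(a2))  # agent's first session was revoked
    store.close_all_sessions()
    print(store.is_valid(s2), store.is_valid(a2))  # everyone is logged out
```

Two checks worth running against a real deployment after changing the setting: log the same end-user account in from two browsers and confirm the first session survives only when the option is on, and confirm that Close All Sessions also ends sessions opened a moment before the click.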
Enable Support Access
This button allows you to enable an account that a Support team member can then use to log into your site. See this article for more info.