This page provides you with the available Security Settings within the software.

<tip c n>The character set type allowed in the user and password are of the UTF-8 character set. The specific characters allowed are all letters, numbers, spaces, dots,dashes and underscores. No odd characters like the tilde and others are allowed. </tip>

Specify the minimum and maximum number of characters that may be entered by users on your site for their username.

Specify the minimum and maximum number of characters that may be entered by users on your site for their password.

You may choose between hashed or plain text. A user will be able to log in, no matter what storage method was used for their password. After they log in, if the storage method used for their password is different from the setting here, it will be re-saved according to the setting. If you are not sure which settings to use, keep the default settings.

Passwords are stored in the database in hashed (or "scrambled") form. The password cannot be retrieved if the password is lost or forgotten, it can only be reset to a new password.

Passwords are stored in the database in human readable format.

The amount of time, in seconds, before a session is removed from the database due to inactivity. If logged in, this is the amount of time before a user is logged out due to inactivity. Sessions are used to keep track of how many active users are on the site, and to keep track of login details.

This settings is calculated in seconds. 3600 seconds is the default setting which represents 1 hour. So after 1 hour of inactivity on your site an individual seesion for a specific user will be removed from the database. If the user returns to the site after the session has been removed they will need to re-login to the site to get back into their user management settings.

<tip c n>Note that the statistic produced in the PAGE MODULES > MISC > Total Live Users (!MODULE_TOTAL_LIVE_USERS!) module does a count of the current users in the geodesic_sessions database table. This table contains all of the sessions mentioned above. Increasing or decreasing the session time-out on the client side will have an effect on the statistic produced by this module. Increasing the session time out time increases the amount of time before a session is removed from the geodesic_sessions table and thereby increasing the number of sessions/users that will be in the database at any one time. Also reducing the session time-out will reduce the number of users/sessions within the database at any one time. If you were to double the default session time-out value to just 7200 seconds would conceivably double the count of sessions counted in this statistic.</tip>

<tip c n>Also note that if a specific clients browser has a problem saving/returning cookies or has set their browser to refuse cookies can inflate this statistic quite a bit. All it takes is one of these users to visit 50 pages on your site to inflate the session count by that much.</tip>

Specify a list of user-agent strings separated by ||, to add to the list in the file robot_list.php. If the user-agent is already in that file, there is no need to add it here.

This is a list of additional user-agents, in addition to the ones defined in robot_list.php, that are known to be robots or search engine crawlers. If a user-agent is detected to be on the robot list, it will not be given any cookies, and will not be redirected. This should either be left blank to just use the list in robot_list.php, or it should be a || separated list.

<tip c n>Also note that search engine bots do not return the session cookies set to them. This being the case each time a search engine bot hits a page on your site and that search engine bot is not within the robot user-agents list can create another session within the database. This can temporarily and drastically swell the count of the user sessions within database and thereby the live users figure provided by the PAGE MODULES > MISC > Total Live Users (!MODULE_TOTAL_LIVE_USERS!) module.</tip>

The settings found below can be changed by modifying or adding the appropriate line(s) in your config.php file. They are not changeable through the admin, to make it possible to change the settings when logging into the admin is not possible.

This setting can be used only in conjuction with the site on/off switch located in Site Setup > General Settings within your admin. This will allow you to disable your website from public access, while at the same time allowing you (or any IPs you choose) to perform maintenance such as placing test listings, etc.

You can place as many IPs as you wish. You can use partial IPs, but the software assumes you are leaving off the right-most octets (ex. 192.168 will be interpreted as 192.168.x.x). Separate each IP by a comma.

<tip c n>You must supply 3 digits for any given octet, or else end the octet with a period for an exact match. For example, 10.0 would match 10.0.x.x AND 10.056.x.x, but 10.0. would only match 10.0.x.x </tip>