
Polytechnic Institute of Tabaco

100 Panal, Tabaco City, Albay

COURSE TITLE : IAS


COURSE CODE : IT 17
COURSE CREDIT : 3 UNITS
PROGRAM : BSIT
YEAR LEVEL/SEM :
PROFESSOR : MARNEIL ALLEN G. SANCHEZ
TOPIC : SECURITY ARCHITECTURE AND DESIGN (MODULE 3)

I. Introduction

What Is an "Access Control System"? Simply defined, the term "access control"
describes any technique used to control passage into or out of any area. The standard
lock that uses a brass key may be thought of as a simple form of an "access control
system".

II. Objectives

The goal of access control is to minimize the security risk of unauthorized access to
physical and logical systems.

III. Content

Using the security modules, you can implement complete access rules for systems
developed by Scriptcase. The process for creating a security module is quick and simple.

Scriptcase has five types of security. They are similar, diverging only in how the permissions
are applied.

User Security Type

Under this security type all users have access to all applications. It works only for user
authentication. Scriptcase will create one table to store the user and password information and
validate the access using a login screen.

In this security type Scriptcase creates these tables:

• User - Login, Password, Name, E-mail, Active, Activation Code and admin privileges
• Logged users - Login, login date, Session, IP address

The table Logged users will be created only if the option Protect Logged users is checked
during the Security Module creation.

Application Security Type

Under this type Scriptcase also controls login and password, as in User Security, and also
creates restricted access control to the applications or system options according to the
logged-in user. It is possible to define which applications are accessible to each user.

In this security type Scriptcase creates these tables:

• User - Login, Password, Name, E-mail, Active, Activation Code and admin privileges
• Application - Code, Description, Application type
• User / Application - Login, Application Name, Access privileges, Insert privileges, Delete privileges, Update privileges, Export privileges, Print privileges
• Logged users - Login, login date, Session, IP address

The table Logged users will be created only if the option Protect Logged users is checked
during the Security Module creation.

Group Security Type

This type of security includes the options of the User and Application types. However, with the
Group Security type you group the users and define the permissions to access the
applications or system options according to the groups. One user can belong to one or more
groups.

In this security type Scriptcase creates these tables:

• User - Login, Password, Name, E-mail, Active, Activation Code and admin privileges
• Group - Description and ID
• Application - Code, Description, Application type
• User / Group - Login, Group ID
• Group / Application - Group ID, Application name, Access privileges, Insert privileges, Delete privileges, Update privileges, Export privileges, Print privileges
• Logged users - Login, login date, Session, IP address

The table Logged users will be created only if the option Protect Logged users is checked
during the Security Module creation.
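
The Group Security tables listed above can be queried for a user's effective permissions on an application, as in this added Python/SQLite example (not code generated by Scriptcase). The table and column names (using the default "sec_" prefix), the sample rows, and the rules that permissions are the union of a user's groups and that inactive users get nothing are assumptions made for illustration.

```python
import sqlite3

# The six per-application privileges listed for the Group / Application table.
PRIVS = ("access", "insert", "delete", "update", "export", "print")

# Assumed table and column names; only the field lists come from the page.
SCHEMA = """
CREATE TABLE sec_users (login TEXT PRIMARY KEY, active INTEGER NOT NULL,
                        priv_admin INTEGER NOT NULL DEFAULT 0);
CREATE TABLE sec_groups (group_id INTEGER PRIMARY KEY, description TEXT NOT NULL);
CREATE TABLE sec_apps (app_name TEXT PRIMARY KEY, description TEXT, app_type TEXT);
CREATE TABLE sec_users_groups (
    login TEXT NOT NULL REFERENCES sec_users(login),
    group_id INTEGER NOT NULL REFERENCES sec_groups(group_id),
    PRIMARY KEY (login, group_id));
CREATE TABLE sec_groups_apps (
    group_id INTEGER NOT NULL REFERENCES sec_groups(group_id),
    app_name TEXT NOT NULL REFERENCES sec_apps(app_name),
    priv_access INTEGER NOT NULL DEFAULT 0, priv_insert INTEGER NOT NULL DEFAULT 0,
    priv_delete INTEGER NOT NULL DEFAULT 0, priv_update INTEGER NOT NULL DEFAULT 0,
    priv_export INTEGER NOT NULL DEFAULT 0, priv_print INTEGER NOT NULL DEFAULT 0,
    PRIMARY KEY (group_id, app_name));
"""


def build_demo_db():
    """Create an in-memory database filled with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO sec_users VALUES (?, ?, ?)",
                     [("alice", 1, 0), ("bob", 0, 0), ("carol", 1, 0)])
    conn.executemany("INSERT INTO sec_groups VALUES (?, ?)",
                     [(1, "clerks"), (2, "auditors")])
    conn.executemany("INSERT INTO sec_apps VALUES (?, ?, ?)",
                     [("grid_orders", "Orders report", "grid"),
                      ("form_orders", "Order entry", "form")])
    conn.executemany("INSERT INTO sec_users_groups VALUES (?, ?)",
                     [("alice", 1), ("alice", 2), ("bob", 1)])
    # Columns: group_id, app_name, access, insert, delete, update, export, print
    conn.executemany("INSERT INTO sec_groups_apps VALUES (?, ?, ?, ?, ?, ?, ?, ?)",
                     [(1, "grid_orders", 1, 0, 0, 0, 0, 1),
                      (1, "form_orders", 1, 1, 0, 1, 0, 0),
                      (2, "grid_orders", 1, 0, 0, 0, 1, 0)])
    return conn


def effective_privileges(conn, login, app_name):
    """Union of the privileges granted by every group the user belongs to.

    Unknown users, inactive users, users without groups and unknown
    applications all resolve to the empty set (default deny).
    """
    # Column names are built from the PRIVS constant, never from user input;
    # the login and application name are bound as parameters.
    cols = ", ".join(f"MAX(ga.priv_{p})" for p in PRIVS)
    row = conn.execute(
        f"""SELECT {cols}
            FROM sec_users u
            JOIN sec_users_groups ug ON ug.login = u.login
            JOIN sec_groups_apps ga ON ga.group_id = ug.group_id
            WHERE u.login = ? AND u.active = 1 AND ga.app_name = ?""",
        (login, app_name)).fetchone()
    # An aggregate without GROUP BY always yields one row; NULL means no grant.
    return {p for p, flag in zip(PRIVS, row) if flag}


def is_allowed(conn, login, app_name, priv):
    """A privilege counts only if the user may also open the application."""
    granted = effective_privileges(conn, login, app_name)
    return "access" in granted and priv in granted
```
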

LDAP Security Type

The Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry standard
application protocol for accessing and maintaining distributed directory information services
over an Internet Protocol (IP) network. You can use this protocol within the Scriptcase Security
module to authenticate users in two ways: Authentication only, which performs only a simple
user authentication, similar to the User Security Type; and Total Control, where we can define
the access by groups, similar to the Group Security Type.

In this security type Scriptcase creates these tables:

• User - Login, Password, Name, E-mail, Active, Activation Code and admin privileges
• Application - Code, Description, Application type
• User / Application - Login, Application Name, Access privileges, Insert privileges, Delete privileges, Update privileges, Export privileges, Print privileges
• Logged users - Login, login date, Session, IP address

The table Logged users will be created only if the option Protect Logged users is checked
during the Security Module creation.

See how to create each security type:

User security creation

Security Type

The first step is to select the security type you wish.

Connection

Then, you must select the database connection and some extra options to create the tables
that make up the security module.

Connection
Sets the database connection to create the security tables.

Use existing tables

Lets you use existing tables in your database. These tables must have at least the same fields
used by the Scriptcase security module. We recommend using this option if you have already
used Scriptcase to create the tables previously, to minimize errors.

Create tables
This option creates all security tables in the selected database.

Tables prefix
You can set a prefix to the table names of the Security Module. By default, Scriptcase uses
“sec_”.

Delete if tables already exist


This option is available only when you select Create Tables. When you choose this option, the
Security Module drops the tables with the same name and replaces them with new tables.

Protect Logged Users

Prevents users from performing simultaneous logins in different sessions.

Tables Link

This step is essential if the option “Use existing tables” is selected. In this case, you must
associate the fields from the existing tables to fields of security applications (applications
generated by the Security Module).

In these cases, the existing database tables must contain a minimum number of fields so that
they can be associated with the fields of security applications.

The required tables for each type of security are described at the beginning of this article.

If you selected the option “Create tables” in the previous step, it associates the fields
automatically.

Settings

In this step, we can define the security module settings, such as User password encryption, the
folder to create the applications, the log module, and other settings.

Applications Prefix
You can set a prefix to the application names of the Security Module.

When session expires


Defines the behaviour when the session expires.

• No action - The user continues using the application, but nothing is saved after the session expires.
• Redirect to login after the session expiration - The application returns to the login after the session expires.
• Display a message that the session has expired - Shows the message “session has expired” to the user.

Encryption
Use encryption to store the password in the table of users.

Enable Security
Activate the flag Application Security for all project applications.

Remember login
Activating this flag lets a user who did not log out remain logged in when returning to the
system after the session ends.

Label Position at Login


Defines the positioning of the field labels in relation to the data.

• Ao Lado (To the Side) - Default value of the applications; places the label on the right side of the input.
• Acima (Above) - Positions the label above the input.
• Abaixo (Below) - Positions the label below the input.
• Watermark - Positions the label as a watermark.

Enable Captcha
It activates the captcha for the login application.

• No - Does not display the captcha in the login application.
• Captcha - Uses the built-in Scriptcase library for captcha display.
• reCAPTCHA - Uses Google’s reCAPTCHA V2.

Folder
The project folder name to store the applications generated by Security Module.

Theme
The theme to create the Security Module applications.

Log
This option is available if the project already has a Log Module.

Menu
This option is only available if your project already has a Menu Application. You can associate
the existing Menu and include all applications generated by the Security Module to it. If you do
not select an existing Menu here, it creates a new Menu Application.

Menu Type
Security Module menu type (option only available if you do not select an existing menu in the
previous item)

Login

Here you can set the type and number of characters allowed for the username and password
fields.

Minimum size
Minimum number of characters the user may enter.

Maximum size
Maximum number of characters the user may enter.

Allowed characters
Defines which characters are allowed when creating a password.

View password characters


This option adds a toggle to the password field that allows the typed password to be displayed.

For the Show password characters option to work when the login application uses an HTML
Control, the input must be surrounded by the SC_FIELD_INI_field and SC_FIELD_END_field tags.

Password Recovery Settings

It defines the password recovery method in the project.

The password recovery options work only when the SMTP server is configured; please check
the Email settings.

Send the password by e-mail


The system emails the user's password only if SMTP has been correctly set up and the
password is not stored using encryption.

Reset password and send new one by email

The system resets the password automatically and sends it to the user by email (only if
SMTP has been correctly set up).

Send a link to e-mail with reset option


The system emails the user a link to access an application and reset the password.
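
The three recovery options above differ in what the users table must hold: emailing the existing password requires it to be stored in recoverable form, while a reset link works when only a one-way hash is stored. This added Python example (not Scriptcase code; `ResetStore`, its methods, the 15-minute lifetime and the PBKDF2 work factor are assumptions) models salted password hashing with a single-use, expiring reset token.

```python
import hashlib
import hmac
import secrets
import time

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your hardware


def _derive(password, salt):
    """Slow, salted, one-way hash of the password (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               PBKDF2_ITERATIONS)


def _token_key(token):
    """Only a hash of the reset token is stored, never the token itself."""
    return hashlib.sha256(token.encode("ascii")).hexdigest()


class ResetStore:
    """In-memory stand-in for a users table plus a reset-token table."""

    def __init__(self, ttl_seconds=900):
        self.ttl = ttl_seconds
        self.users = {}    # login -> (salt, password hash)
        self.tokens = {}   # sha256(token) -> (login, expiry timestamp)

    def set_password(self, login, password):
        salt = secrets.token_bytes(16)
        # Nothing stored here can be turned back into the password, so a
        # "send the password by e-mail" feature has nothing to send.
        self.users[login] = (salt, _derive(password, salt))

    def verify_password(self, login, password):
        record = self.users.get(login)
        if record is None:
            return False
        salt, digest = record
        return hmac.compare_digest(digest, _derive(password, salt))

    def issue_reset_token(self, login, now=None):
        """Return a token for the e-mailed link, or None for unknown logins."""
        if login not in self.users:
            return None  # the caller shows the same message either way
        now = time.time() if now is None else now
        # A new request invalidates any earlier link for the same account.
        self.tokens = {k: v for k, v in self.tokens.items() if v[0] != login}
        token = secrets.token_urlsafe(32)
        self.tokens[_token_key(token)] = (login, now + self.ttl)
        return token

    def redeem(self, token, new_password, now=None):
        """Set a new password if the token is known, unused and not expired."""
        now = time.time() if now is None else now
        entry = self.tokens.pop(_token_key(token), None)  # single use
        if entry is None:
            return False
        login, expires_at = entry
        if now > expires_at:
            return False
        self.set_password(login, new_password)
        return True
```
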

New Users

Settings for creating new users in the security system.

The options for activation by email and for sending an email to the admin work only when the
SMTP server is configured properly; access Email settings to set it up.

System allows new users registration

This option sets the availability of user registration directly in the login system. If you do not
check this option, only users with administrative access can insert new users.

System requires activation by email

This option sets whether the new user must validate their registration by email to activate the
account. (Configure the email SMTP to use this option)

System requires the user to send an email to admin


This option sets whether the system administrator receives an email whenever a new user is
registered. (Configure the email SMTP to use this option)

Email Settings

This option sets the email provider for the system.

The information from this example may change according to the SMTP. We are using the Gmail
SMTP for this example.

SMTP Server
Enter the SMTP server address.

SMTP Port
Enter the SMTP server port. This information must comply with the secure connection option.
Use 465 for SSL, 587 for TLS, or 25 for an unsecured connection. If you do not specify the port,
Scriptcase applies the default one: 25.

Secure Connection
Use SSL or TLS, or leave it blank for an insecure connection.

SMTP User
Enter the SMTP User information.

SMTP Password
Enter the SMTP password information.

SMTP E-mail
Enter the SMTP outgoing email.

Logged Users

Defines the system behavior for login protection.

This option is available if you have checked Protect logged users during the connection step.

Display logged users
If you check this option, Scriptcase will also create, with the Security Module, a Grid Application
to display a report with all users currently logged in to the system.

Brute Force Attack Protection


Enables/disables the blocking of users after some unsuccessful access attempts.

Brute Force lockout time (in Minutes)


Time, in minutes, that the user will remain inaccessible after several unsuccessful access
attempts. (Available only when Brute Force Attack Protection is enabled)

Numbers of attempts before lock

Number of failed access attempts before the protection is triggered. (Available only when Brute
Force Attack Protection is enabled)
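
The two settings above (number of attempts before lock, lockout time in minutes) interact as in this added Python example, which is not Scriptcase's implementation. The class name, the outcome strings, the constructed event list and the choices that a successful login resets the counter and that attempts made during a lock do not extend it are assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class LoginThrottle:
    """Per-login failure counter with a timed lockout."""
    max_attempts: int
    lockout_minutes: int
    failures: dict = field(default_factory=dict)      # login -> failed count
    locked_until: dict = field(default_factory=dict)  # login -> unlock time (s)

    def attempt(self, login, password_ok, now):
        """Record one login attempt at time `now` (seconds).

        Returns "locked", "ok" or "fail". While an account is locked the
        password result is ignored, so even a correct password is refused.
        """
        until = self.locked_until.get(login)
        if until is not None:
            if now < until:
                return "locked"
            # Lock has expired: start again with a clean counter.
            del self.locked_until[login]
            self.failures.pop(login, None)
        if password_ok:
            self.failures.pop(login, None)
            return "ok"
        count = self.failures.get(login, 0) + 1
        self.failures[login] = count
        if count >= self.max_attempts:
            self.locked_until[login] = now + self.lockout_minutes * 60
        return "fail"


# Constructed sample events: (time in seconds, login, password was correct)
SAMPLE_EVENTS = [
    (0, "alice", False),
    (5, "alice", False),
    (10, "alice", False),   # third failure: lock starts, ends at t=610
    (20, "alice", True),    # correct password, but still locked
    (30, "bob", False),
    (40, "bob", True),      # success resets bob's counter
    (609, "alice", True),   # one second before the lock ends
    (610, "alice", True),   # lock over
    (620, "bob", False),    # counts as bob's first failure again
]


def replay(events, max_attempts=3, lockout_minutes=10):
    """Run a list of events through a fresh throttle and return the outcomes."""
    throttle = LoginThrottle(max_attempts, lockout_minutes)
    return [throttle.attempt(login, ok, t) for t, login, ok in events]
```
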

Enter The First Record

This option inserts the first user into the security tables. This user has administrator privileges
to manage the security system and add new users.

ATTENTION: To increase the security of your project, we recommend changing the default
password “admin/admin” at this step or after the first access.

Login
This option sets the system administrator user.

Password
This option sets the system administrator password.

Name
This option sets the system administrator name.

E-mail
This option sets the system administrator user's e-mail.

Group
This option sets the group name that receives administrator privileges.

The group option is available only for Group Security, and it is not available for other security
module types.

Add Applications

This option adds the applications already created in the project to the Security Module
applications’ table.

Save Profile

Using this option, you save all settings during the Security Module creation. It can be used later
for other projects.

Save Profile
Allows you to save a profile with all the current security module settings.

Name
Profile name. It identifies the profile.

Target
This option sets which developers can use the saved profile afterward.

• Public - Makes the security profile available in any project of your Scriptcase.
• Project - Makes the security profile available only in the current project.
• User - Makes the security profile available only to the current Scriptcase user.

Using A Saved Security Profile

You can select a saved profile at the beginning of a new Security Module creation.

Application security creation

Security Type

The first step is to select the security type you wish.

Connection

Then, you must select the database connection and some extra options to create the tables
that make up the security module.

Connection
Sets the database connection to create the security tables.

Use existing tables

Lets you use existing tables in your database. These tables must have at least the same fields
used by the Scriptcase security module. We recommend using this option if you have already
used Scriptcase to create the tables previously, to minimize errors.

Create tables
This option creates all security tables in the selected database.

Tables prefix
You can set a prefix to the table names of the Security Module. By default, Scriptcase uses
“sec_”.

Delete if tables already exist


This option is available only when you select Create Tables. When you choose this option, the
Security Module drops the tables with the same name and replaces them with new tables.

Protect Logged Users

Prevents users from performing simultaneous logins in different sessions.

Tables Link

This step is essential if the option “Use existing tables” is selected. In this case, you must
associate the fields from the existing tables to fields of security applications (applications
generated by the Security Module).

In these cases, the existing database tables must contain a minimum number of fields so that
they can be associated with the fields of security applications.

The required tables for each type of security are described at the beginning of this article.

If you selected the option “Create tables” in the previous step, it associates the fields
automatically.

Settings

In this step, we can define the security module settings, such as User password encryption, the
folder to create the applications, the log module, and other settings.

Applications Prefix
You can set a prefix to the application names of the Security Module.

When session expires


Defines the behaviour when the session expires.

• No action - The user continues using the application, but nothing is saved after the session expires.
• Redirect to login after the session expiration - The application returns to the login after the session expires.
• Display a message that the session has expired - Shows the message “session has expired” to the user.

Encryption
Use encryption to store the password in the table of users.

Enable Security
Activate the flag Application Security for all project applications.

Remember login
Activating this flag lets a user who did not log out remain logged in when returning to the
system after the session ends.

Label Position at Login


Defines the positioning of the field labels in relation to the data.

• Ao Lado (To the Side) - Default value of the applications; places the label on the right side of the input.
• Acima (Above) - Positions the label above the input.
• Abaixo (Below) - Positions the label below the input.
• Watermark - Positions the label as a watermark.

Enable Captcha
It activates the captcha for the login application.

• No - Does not display the captcha in the login application.
• Captcha - Uses the built-in Scriptcase library for captcha display.
• reCAPTCHA - Uses Google’s reCAPTCHA V2.

Folder
The project folder name to store the applications generated by Security Module.

Theme
The theme to create the Security Module applications.

Log
This option is available if the project already has a Log Module.

Menu
This option is only available if your project already has a Menu Application. You can associate
the existing Menu and include all applications generated by the Security Module to it. If you do
not select an existing Menu here, it creates a new Menu Application.

Menu Type
Security Module menu type (option only available if you do not select an existing menu in the
previous item)

Login

Here you can set the type and number of characters allowed for the username and password
fields.

Minimum size
Minimum number of characters the user may enter.

Maximum size
Maximum number of characters the user may enter.

Allowed characters
Defines which characters are allowed when creating a password.

View password characters


This option adds a toggle to the password field that allows the typed password to be displayed.

For the Show password characters option to work when the login application uses an HTML
Control, the input must be surrounded by the SC_FIELD_INI_field and SC_FIELD_END_field tags.

Password Recovery Settings

It defines the password recovery method in the project.

The password recovery options work only when the SMTP server is configured; please check
the Email settings.

Send the password by e-mail


The system emails the user's password only if SMTP has been correctly set up and the
password is not stored using encryption.

Reset password and send new one by email

The system resets the password automatically and sends it to the user by email (only if
SMTP has been correctly set up).

Send a link to e-mail with reset option


The system emails the user a link to access an application and reset the password.

New Users

Settings for creating new users in the security system.

The options for activation by email and for sending an email to the admin work only when the
SMTP server is configured properly; access Email settings to set it up.

System allows new users registration

This option sets the availability of user registration directly in the login system. If you do not
check this option, only users with administrative access can insert new users.

System requires activation by email

This option sets whether the new user must validate their registration by email to activate the
account. (Configure the email SMTP to use this option)

System requires the user to send an email to admin


This option sets whether the system administrator receives an email whenever a new user is
registered. (Configure the email SMTP to use this option)

Email Settings

This option sets the email provider for the system.

The information from this example may change according to the SMTP. We are using the Gmail
SMTP for this example.

SMTP Server
Enter the SMTP server address.

SMTP Port
Enter the SMTP server port. This information must comply with the secure connection option.
Use 465 for SSL, 587 for TLS, or 25 for an unsecured connection. If you do not specify the port,
Scriptcase applies the default one: 25.

Secure Connection
Use SSL or TLS, or leave it blank for an insecure connection.

SMTP User
Enter the SMTP User information.

SMTP Password
Enter the SMTP password information.

SMTP E-mail
Enter the SMTP outgoing email.

Logged Users

Defines the system behavior for login protection.

This option is available if you have checked Protect logged users during the connection step.

Display logged users
If you check this option, Scriptcase will also create, with the Security Module, a Grid Application
to display a report with all users currently logged in to the system.

Brute Force Attack Protection


Enables/disables the blocking of users after some unsuccessful access attempts.

Brute Force lockout time (in Minutes)


Time, in minutes, that the user will remain inaccessible after several unsuccessful access
attempts. (Available only when Brute Force Attack Protection is enabled)

Numbers of attempts before lock

Number of failed access attempts before the protection is triggered. (Available only when Brute
Force Attack Protection is enabled)

Enter The First Record

This option inserts the first user into the security tables. This user has administrator privileges
to manage the security system and add new users.

ATTENTION: To increase the security of your project, we recommend changing the default
password “admin/admin” at this step or after the first access.

Login
This option sets the system administrator user.

Password
This option sets the system administrator password.

Name
This option sets the system administrator name.

E-mail
This option sets the system administrator user's e-mail.

Group
This option sets the group name that receives administrator privileges.

The group option is available only for Group Security, and it is not available for other security
module types.

Add Applications

This option adds the applications already created in the project to the Security Module
applications’ table.

Save Profile

Using this option, you save all settings during the Security Module creation. It can be used later
for other projects.

Save Profile
Allows you to save a profile with all the current security module settings.

Name
Profile name. It identifies the profile.

Target
This option sets which developers can use the saved profile afterward.

• Public - Makes the security profile available in any project of your Scriptcase.
• Project - Makes the security profile available only in the current project.
• User - Makes the security profile available only to the current Scriptcase user.

Using A Saved Security Profile

You can select a saved profile at the beginning of a new Security Module creation.

Group security creation

Security Type

The first step is to select the security type you wish.

Connection

Then, you must select the database connection and some extra options to create the tables
that make up the security module.

Connection
Sets the database connection to create the security tables.

Use existing tables

Lets you use existing tables in your database. These tables must have at least the same fields
used by the Scriptcase security module. We recommend using this option if you have already
used Scriptcase to create the tables previously, to minimize errors.

Create tables
This option creates all security tables in the selected database.

Tables prefix
You can set a prefix to the table names of the Security Module. By default, Scriptcase uses
“sec_”.

Delete if tables already exist


This option is available only when you select Create Tables. When you choose this option, the
Security Module drops the tables with the same name and replaces them with new tables.

Protect Logged Users

Prevents users from performing simultaneous logins in different sessions.

Tables Link

This step is essential if the option “Use existing tables” is selected. In this case, you must
associate the fields from the existing tables to fields of security applications (applications
generated by the Security Module).

In these cases, the existing database tables must contain a minimum number of fields so that
they can be associated with the fields of security applications.

The required tables for each type of security are described at the beginning of this article.

If you selected the option “Create tables” in the previous step, it associates the fields
automatically.

Settings

In this step, we can define the security module settings, such as User password encryption, the
folder to create the applications, the log module, and other settings.

Applications Prefix
You can set a prefix to the application names of the Security Module.

When session expires


Defines the behaviour when the session expires.

• No action - The user continues using the application, but nothing is saved after the session expires.
• Redirect to login after the session expiration - The application returns to the login after the session expires.
• Display a message that the session has expired - Shows the message “session has expired” to the user.

Encryption
Use encryption to store the password in the table of users.

Enable Security
Activate the flag Application Security for all project applications.

Remember login
Activating this flag lets a user who did not log out remain logged in when returning to the
system after the session ends.

Label Position at Login


Defines the positioning of the field labels in relation to the data.

• Ao Lado (To the Side) - Default value of the applications; places the label on the right side of the input.
• Acima (Above) - Positions the label above the input.
• Abaixo (Below) - Positions the label below the input.
• Watermark - Positions the label as a watermark.

Enable Captcha
It activates the captcha for the login application.

• No - Does not display the captcha in the login application.
• Captcha - Uses the built-in Scriptcase library for captcha display.
• reCAPTCHA - Uses Google’s reCAPTCHA V2.

Folder
The project folder name to store the applications generated by Security Module.

Theme
The theme to create the Security Module applications.

Log
This option is available if the project already has a Log Module.

Menu
This option is only available if your project already has a Menu Application. You can associate
the existing Menu and include all applications generated by the Security Module to it. If you do
not select an existing Menu here, it creates a new Menu Application.

Menu Type
Security Module menu type (option only available if you do not select an existing menu in the
previous item)

Login

Here you can set the type and number of characters allowed for the username and password
fields.

Minimum size
Minimum number of characters the user may enter.

Maximum size
Maximum number of characters the user may enter.

Allowed characters
Defines which characters are allowed when creating a password.

View password characters


This option adds a toggle to the password field that allows the typed password to be displayed.

For the Show password characters option to work when the login application uses an HTML
Control, the input must be surrounded by the SC_FIELD_INI_field and SC_FIELD_END_field tags.

Password Recovery Settings

It defines the password recovery method in the project.

The password recovery options work only when the SMTP server is configured; please check
the Email settings.

Send the password by e-mail


The system emails the user's password only if SMTP has been correctly set up and the
password is not stored using encryption.

Reset password and send new one by email

The system resets the password automatically and sends it to the user by email (only if
SMTP has been correctly set up).

Send a link to e-mail with reset option


The system emails the user a link to access an application and reset the password.

New Users

Settings for creating new users in the security system.

The options for activation by email and for sending an email to the admin work only when the
SMTP server is configured properly; access Email settings to set it up.

System allows new users registration

This option sets the availability of user registration directly in the login system. If you do not
check this option, only users with administrative access can insert new users.

System requires activation by email

This option sets whether the new user must validate their registration by email to activate the
account. (Configure the email SMTP to use this option)

System requires the user to send an email to admin


This option sets whether the system administrator receives an email whenever a new user is
registered. (Configure the email SMTP to use this option)

Email Settings

This option sets the email provider for the system.

The information from this example may change according to the SMTP. We are using the Gmail
SMTP for this example.

SMTP Server
Enter the SMTP server address.

SMTP Port
Enter the SMTP server port. This information must comply with the secure connection option.
Use 465 for SSL, 587 for TLS, or 25 for an unsecured connection. If you do not specify the port,
Scriptcase applies the default one: 25.

Secure Connection
Use SSL or TLS, or leave it blank for an insecure connection.

SMTP User
Enter the SMTP User information.

SMTP Password
Enter the SMTP password information.

SMTP E-mail
Enter the SMTP outgoing email.

Logged Users

Defines the system behavior for login protection.

This option is available if you have checked Protect logged users during the connection step.

Display logged users
If you check this option, Scriptcase will also create, with the Security Module, a Grid Application
to display a report with all users currently logged in to the system.

Brute Force Attack Protection


Enables/disables the blocking of users after some unsuccessful access attempts.

Brute Force lockout time (in Minutes)


Time, in minutes, that the user will remain inaccessible after several unsuccessful access
attempts. (Available only when Brute Force Attack Protection is enabled)

Numbers of attempts before lock

Number of failed access attempts before the protection is triggered. (Available only when Brute
Force Attack Protection is enabled)

Enter The First Record

This option inserts the first user into the security tables. This user has administrator privileges
to manage the security system and add new users.

ATTENTION: To increase the security of your project, we recommend changing the default
password “admin/admin” at this step or after the first access.

Login
This option sets the system administrator user.

Password
This option sets the system administrator password.

Name
This option sets the system administrator name.

E-mail
This option sets the system administrator user's e-mail.

Group
This option sets the group name that receives administrator privileges.

The group option is available only for Group Security, and it is not available for other security
module types.

Add Applications

This option adds the applications already created in the project to the Security Module
applications’ table.

Save Profile

Using this option, you save all settings during the Security Module creation. It can be used later
for other projects.

Save Profile
Allows you to save a profile with all the current security module settings.

Name
Profile name. It identifies the profile.

Target
This option sets which developers can use the saved profile afterward.

• Public - Makes the security profile available in any project of your Scriptcase.
• Project - Makes the security profile available only in the current project.
• User - Makes the security profile available only to the current Scriptcase user.

Using A Saved Security Profile

You can select a saved profile at the beginning of a new Security Module creation.

LDAP Creation - Authentication Only

Security Type

The first step is to select the security type you wish.

Connection

Then, you must select the database connection and some extra options to create the tables
that make up the security module.

Settings

In this step, we can define the security module settings, such as User password encryption, the
folder to create the applications, the log module, and other settings.

Applications Prefix
You can set a prefix to the application names of the Security Module.

When session expires


Define the behaviour when the session expires.

 No action - The user continues using the application, but nothing is saved after the
session expires.
 Redirect to login after the session expiration - The application returns to the login
screen once the session expires.
 Display a message that the session has expired - Shows the message “session has
expired” to the user.

Encryption
Use encryption to store the password in the table of users.

Enable Security
Activate the flag Application Security for all project applications.

Enable Captcha
It activates the captcha for the login application.

 No - Does not display the captcha in the login application.
 Captcha - Uses the built-in Scriptcase library for captcha display.
 reCAPTCHA - Uses Google’s reCAPTCHA V2.

Folder
The project folder name to store the applications generated by Security Module.

Theme
The theme to create the Security Module applications.

Log
This option is available if the project already has a Log Module.

Menu
This option is only available if your project already has a Menu Application. You can associate
the existing Menu and include all applications generated by the Security Module to it. If you do
not select an existing Menu here, it creates a new Menu Application.

Menu Type
Security Module menu type (option only available if you do not select an existing menu in the
previous item)

Login

Here you can set the type and amount of characters allowed for the username and password
fields.

Minimum size
Minimum number of characters the user must enter.

Maximum size
Maximum number of characters the user may enter.

Characters allowed
Define which characters are allowed when creating a password.

LDAP

Under this option, you must enter your LDAP server settings.

Server
Enter the LDAP server IP.

DN
Enter the input attributes.

Port
Enter the port used to access the server. The default port is 389.

Suffix
Enter the user suffix.

Registering The Admin User

This option inserts the first user into the security tables. This user has administrator privileges
to manage the security system and add new users.

Login
This option sets the system administrator user.

Password
This option sets the system administrator password.

Name
This option sets the system administrator name.

E-mail
This option sets the system administrator user E-mail.

Save Profile

Using this option, you save all settings during the Security Module creation. It can be used later
for other projects.

Save Profile
Allows you to save a profile with all the current security module settings.

Name
Profile name. It identifies the profile.

Target
This option sets which developers can use the saved profile afterward.

 Public - Set the security profile available in any project of your Scriptcase.
 Project - Set the security profile available only in the current project.
 User - Set the security profile available only to the current Scriptcase user.

Using A Saved Security Profile

You can select a saved profile at the beginning of a new Security Module creation.

LDAP Creation - Total control

Security Type

The first step is to select the security type you wish.

Connection

Then, you must select the database connection and some extra options to create the tables
that make up the security module.

Connection
Sets the database connection to create the security tables.

Use existing tables


Lets you use existing tables in your database. These tables must have at least the same fields
used by the Scriptcase security module. To minimize errors, we recommend using this option if
you have already used Scriptcase to create the tables previously.

Create tables
This option creates all security tables in the selected database.

Tables prefix
You can set a prefix to the table names of the Security Module. By default, Scriptcase uses
“sec_”.

Delete if tables already exist
This option is available only when you select Create Tables. By choosing this option, the
Security Module drops the tables with the same name and replaces them with new tables.

Protect Logged Users


Prevents users from performing simultaneous logins in different sessions.

Tables Link

This step is essential if the option “Use existing tables” is selected. In this case, you must
associate the fields from the existing tables to fields of security applications (applications
generated by the Security Module).

In these cases, the existing database tables must contain a minimum number of fields so that
they can be associated with the fields of security applications.

The required tables for each type of security are described at the beginning of this article.

If you selected the option “Create tables” in the previous step, it associates the fields
automatically.

Settings

In this step, we can define the security module settings, such as User password encryption, the
folder to create the applications, the log module, and other settings.

Applications Prefix
You can set a prefix to the application names of the Security Module.

When session expires
Define the behaviour when the session expires.

 No action - The user continues using the application, but nothing is saved after the
session expires.
 Redirect to login after the session expiration - The application returns to the login
screen once the session expires.
 Display a message that the session has expired - Shows the message “session has
expired” to the user.

Encryption
Use encryption to store the password in the table of users.

Enable Security
Activate the flag Application Security for all project applications.

Enable Captcha
It activates the captcha for the login application.

 No - Does not display the captcha in the login application.
 Captcha - Uses the built-in Scriptcase library for captcha display.
 reCAPTCHA - Uses Google’s reCAPTCHA V2.

Folder
The project folder name to store the applications generated by Security Module.

Theme
The theme to create the Security Module applications.

Log
This option is available if the project already has a Log Module.

Menu
This option is only available if your project already has a Menu Application. You can associate
the existing Menu and include all applications generated by the Security Module to it. If you do
not select an existing Menu here, it creates a new Menu Application.

Menu Type
Security Module menu type (option only available if you do not select an existing menu in the
previous item)

Login

Here you can set the type and amount of characters allowed for the username and password
fields.

Minimum size
Minimum number of characters the user must enter.

Maximum size
Maximum number of characters the user may enter.

Characters allowed
Define which characters are allowed when creating a password.

Email Settings

This option sets the e-mail provider used by the system.

The values in this example depend on the SMTP provider. This example uses the Gmail
SMTP.

SMTP Server
Enter the SMTP server address.

SMTP Port
Enter the SMTP server port. This information must comply with the secure connection option.
Use 465 for SSL, 587 for TLS, or 25 for an unsecured connection. If you do not specify the port,
Scriptcase applies the default one: 25.

Secure Connection
Use SSL or TLS, or leave it blank for an insecure connection.

SMTP User
Enter the SMTP User information.

SMTP Password
Enter the SMTP password information.

SMTP E-mail
Enter the SMTP outgoing email.

LDAP

Under this option, you must enter your LDAP server settings.

Server
Enter the LDAP server IP.

DN
Enter the input attributes.

Port
Enter the port used to access the server. The default port is 389.

Suffix
Enter the user suffix.

Logged Users

Defines the system behavior for login protection.

This option is available if you have checked Protect logged users during the connection step.

Display logged users


If you check this option, Scriptcase also creates, along with the Security Module, a Grid
Application that displays a report of all users currently logged in to the system.

Brute Force Attack Protection


Enables/disables the blocking of users after some unsuccessful access attempts.

Brute Force lockout time (in Minutes)


Time, in minutes, that the user will remain inaccessible after several unsuccessful access
attempts. (Available only when Brute Force Attack Protection is enabled)

Numbers of attempts before lock


Number of failed access attempts allowed before the lockout is applied. (Available only when
Brute Force Attack Protection is enabled)
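
How the two brute-force settings interact, as an added example that is not Scriptcase's generated code: a per-login failure counter that locks the account once "Numbers of attempts before lock" is reached and releases it after "Brute Force lockout time". The class name, its in-memory storage and the sample timestamps are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Added illustration, not Scriptcase's generated code. Requires PHP 8.0+.
final class LoginLockout
{
    /** @var array<string, array{fails: int, lockedUntil: int}> state per login */
    private array $state = [];

    public function __construct(
        private int $attemptsBeforeLock, // "Numbers of attempts before lock"
        private int $lockoutMinutes      // "Brute Force lockout time (in Minutes)"
    ) {}

    public function isLocked(string $login, int $now): bool
    {
        return ($this->state[$login]['lockedUntil'] ?? 0) > $now;
    }

    /** Records one attempt at Unix time $now; returns 'ok', 'failed' or 'locked'. */
    public function record(string $login, bool $passwordOk, int $now): string
    {
        if ($this->isLocked($login, $now)) {
            return 'locked';             // a correct password is refused while locked
        }
        if ($passwordOk) {
            unset($this->state[$login]); // success clears the failure counter
            return 'ok';
        }
        $fails = ($this->state[$login]['fails'] ?? 0) + 1;
        $lockedUntil = 0;
        if ($fails >= $this->attemptsBeforeLock) {
            $lockedUntil = $now + $this->lockoutMinutes * 60;
            $fails = 0;                  // counting restarts when the lock expires
        }
        $this->state[$login] = ['fails' => $fails, 'lockedUntil' => $lockedUntil];
        return $lockedUntil > 0 ? 'locked' : 'failed';
    }
}

// Constructed scenario: 3 attempts before lock, 10-minute lockout, login "alice".
$guard = new LoginLockout(3, 10);
$t0 = 1700000000; // constructed timestamp
foreach ([false, false, false] as $i => $ok) {      // three wrong passwords
    echo $guard->record('alice', $ok, $t0 + $i), PHP_EOL;
}
echo $guard->record('alice', true, $t0 + 60), PHP_EOL;  // correct password inside the window
echo $guard->record('alice', true, $t0 + 602), PHP_EOL; // correct password after expiry
```

Because the counter is keyed on the login, repeated failures against a known account lock out its legitimate owner as well, so a short lockout time and logging of the source address are worth pairing with it.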

Registering The Admin User

This option inserts the first user into the security tables. This user has administrator privileges
to manage the security system and add new users.

Login
This option sets the system administrator user.

Password
This option sets the system administrator password.

Name
This option sets the system administrator name.

E-mail
This option sets the system administrator user E-mail.

Add Applications

This option adds the applications already created in the project to the Security Module
applications’ table.

Save Profile

Using this option, you save all settings during the Security Module creation. It can be used later
for other projects.

Save Profile
Allows you to save a profile with all the current security module settings.

Name
Profile name. It identifies the profile.

Target
This option sets which developers can use the saved profile afterward.

 Public - Set the security profile available in any project of your Scriptcase.
 Project - Set the security profile available only in the current project.
 User - Set the security profile available only to the current Scriptcase user.

Using A Saved Security Profile

You can select a saved profile at the beginning of a new Security Module creation.

reCAPTCHA
reCAPTCHA is an API provided by Google for forms. It adds security by preventing automated
submission of forms by robots.

reCAPTCHA sample:

1. First, we must request an API Key to activate reCAPTCHA in a Scriptcase application by
following the steps below:
To get a Site Key and Secret Key, go to the
link: https://www.google.com/recaptcha/admin#list.

Label
It is a project identifier to create the reCAPTCHA keys.

Choose the type of reCaptcha


We must choose the option reCAPTCHA V2.

Domains
We can insert multiple domains (one per line) to limit the API uses.

2. Then, we need to accept the Terms of Service (“Accept the reCAPTCHA Terms of
Service”).
3. When clicking on Register, the page refreshes and shows the reCAPTCHA integration
information. There we can get the Site Key and Secret Key.
4. Now, we can set the Scriptcase application security:

Site Key
Key generated by Google after reCAPTCHA project creation.

Secret Key
Key generated by Google after reCAPTCHA project creation.
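
What the Secret Key is used for, as an added example that is not Scriptcase's generated code: the Site Key is embedded in the login page, while the Secret Key stays on the server and is sent to Google's siteverify endpoint together with the token the form submitted. The function name, the injectable `$post` hook, the placeholder key and the example.test host names are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Added illustration, not Scriptcase's generated code. Requires PHP 7.4+.
// $post is a hypothetical hook so the check can run offline; when omitted,
// the request goes to Google's siteverify endpoint.
function recaptcha_passed(
    string $secretKey,
    string $token,             // value of the g-recaptcha-response form field
    array $allowedDomains,     // the Domains registered for this key pair
    ?callable $post = null
): bool {
    if ($token === '') {
        return false;          // form was submitted without solving the challenge
    }
    $post ??= static function (array $fields): string {
        $ctx = stream_context_create(['http' => [
            'method'  => 'POST',
            'header'  => "Content-Type: application/x-www-form-urlencoded\r\n",
            'content' => http_build_query($fields),
            'timeout' => 5,
        ]]);
        $url = 'https://www.google.com/recaptcha/api/siteverify';
        $body = @file_get_contents($url, false, $ctx);
        return $body === false ? '' : $body;
    };
    $reply = json_decode($post(['secret' => $secretKey, 'response' => $token]), true);
    if (!is_array($reply) || ($reply['success'] ?? false) !== true) {
        return false;          // fail closed on network errors and rejected tokens
    }
    // Accept only tokens solved on a host registered for this key.
    return in_array($reply['hostname'] ?? '', $allowedDomains, true);
}

// Constructed replies standing in for the siteverify JSON response.
$accepted  = fn(array $f): string => '{"success":true,"hostname":"app.example.test"}';
$rejected  = fn(array $f): string => '{"success":false,"error-codes":["invalid-input-response"]}';
$otherHost = fn(array $f): string => '{"success":true,"hostname":"other.example.test"}';
$domains   = ['app.example.test'];   // constructed domain

var_dump(recaptcha_passed('SECRET_KEY_PLACEHOLDER', 'token', $domains, $accepted));
var_dump(recaptcha_passed('SECRET_KEY_PLACEHOLDER', 'token', $domains, $rejected));
var_dump(recaptcha_passed('SECRET_KEY_PLACEHOLDER', 'token', $domains, $otherHost));
```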

IV. Activities

V. References

Schou, C., Hernandez, S.: Information Assurance Handbook, McGraw Hill, 2015
