Security Parameters

Security parameters affect the security of the MFT instance.

The following entries list each security parameter, its default value, and its description.

AllowedReferersAdminJSP
  Default: not set (referrer URL checking is not performed)
  Description: This parameter allows you to specify the Referrer URL allowed by MFT. Defining Referrer URLs provides an additional layer of security to MFT. This parameter is used by the administrator JSP pages. You can define multiple URLs; delimit them with a comma.
  Note: You should enter the URL for this MFT server.

AllowedReferersForXferNavigation
  Default: not set (referrer URL checking is not performed)
  Description: This parameter allows you to specify the Referrer URL allowed by MFT. Defining Referrer URLs provides an additional layer of security to MFT. This parameter is used by the file transfer client. You can define multiple URLs separated by commas.
  Note: You should enter the URL for this MFT server.
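The referrer check that the two AllowedReferers parameters describe, written out as an added example. This is not MFT code: the hostname and port in the sample value, and the decision to reject a request that carries no Referer header while the check is enabled, are assumptions. The comparison is made on the whole origin (scheme, host, port) rather than on a string prefix, which is what keeps look-alike hosts out.

```python
from urllib.parse import urlsplit

# Constructed value for AllowedReferersAdminJSP in the comma-delimited form
# the page describes; the hostname and port are assumptions.
ALLOWED_REFERERS_ADMIN_JSP = "https://mft.example.com, https://mft.example.com:8443"


def origin_of(url):
    """Return (scheme, host, port) for a URL, or None if it is unusable.

    The port defaults from the scheme so that "https://host" and
    "https://host:443" compare equal.
    """
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    host = parts.hostname
    if scheme not in ("http", "https") or not host:
        return None
    try:
        port = parts.port  # raises ValueError for a non-numeric port
    except ValueError:
        return None
    if port is None:
        port = 443 if scheme == "https" else 80
    return (scheme, host.lower(), port)


def parse_allowed_referers(value):
    """Split the comma-delimited parameter into a set of allowed origins."""
    origins = set()
    for item in (value or "").split(","):
        if item.strip():
            origin = origin_of(item)
            if origin is not None:
                origins.add(origin)
    return origins


def referer_allowed(referer_header, allowed_value):
    """Decide whether a request may reach an administrator JSP page.

    An empty parameter disables the check, matching the documented default.
    When the check is enabled, the Referer header must carry an origin that
    exactly equals the origin of one of the configured URLs. Comparing the
    whole origin rather than a string prefix means that
    "https://mft.example.com.evil.net" and "https://mft.example.com@evil.net"
    both fail. Rejecting a request with no Referer header at all is this
    example's assumption.
    """
    allowed = parse_allowed_referers(allowed_value)
    if not allowed:
        return True
    if not referer_header:
        return False
    origin = origin_of(referer_header)
    return origin is not None and origin in allowed
```

Because the parameter holds the URL of this MFT server, a value such as "https://mft.example.com/admin" still only contributes its origin; the path is not part of the comparison.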
Anonymous
  Default: No default
  Description: Defines users that can log in without password validation. Ensure that these users have limited file transfer authorization. More importantly, ensure that these users do not have any administrator rights.

BCFipsMode
  Default: False
  Description: Defines whether MFT is using BouncyCastle FIPS mode. False indicates that MFT is not running in FIPS mode; True indicates that it is.
  Note: This value should never be changed manually. The fips.bat and fips.sh scripts set this value.
BCProvider
  Default: No default
  Description: Defines the BouncyCastle security provider. Use the default value unless you are instructed by Tech Support to change it.

ChangedPasswordEmailEnabled
  Default: No
  Description: Defines whether an email is sent to a user when the user changes their password.
  Valid values:
    Yes: Sends an email to the user when the user changes their password.
    No: Does not send an email to the user when the user changes their password.

HTTPOnlyCookies
  Default: True
  Description: If set to True, all cookies created by MFT have the HttpOnly attribute set. By default, HttpOnly is set for MFT-generated cookies. A few cookies do not have HttpOnly set because the JavaScript requires access to them; these cookies do not contain any privileged or sensitive information.

HTTPSCertAuthField
  Default: None
  Description: Allows you to override the certificate field that contains the user ID. By default, MFT matches the certificate against the HTTPS public keys defined for users. The web.xml file contains a commented value that shows how to use "SAN:OtherName:PrincipalName" as the user ID.

InstallAdminService
  Default: Set during installation
  Description: Defines whether the administrator service is installed on a TIBCO MFT Internet Server instance. If the administrator service is installed, this parameter is set to YES. If you set it to NO, administrator service requests for this instance will fail.
  Note: If the administrator service for the TIBCO MFT Internet Server instance is not installed and the installer set this parameter to NO, setting it to YES will be ignored.

LoadBalancerIPAddressList
  Default: No default
  Description: For HTTP requests that go through a load balancer, MFT uses the IP address in the HTTP "X-Forwarded-For" header as the IP address of the incoming request, but only when the actual IP address of the connection matches one of the addresses defined by this parameter. You can define multiple load balancer IP addresses by separating them with a comma.
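The trust decision behind LoadBalancerIPAddressList, as an added example that is not MFT code: the X-Forwarded-For header is honoured only when the TCP peer is one of the configured load balancer addresses, so a client connecting directly cannot pick its own apparent source address. The sample addresses are constructed. The example also goes a step beyond the page by walking a multi-hop header from the right and by falling back to the peer address on a malformed entry; both of those behaviours are assumptions, not a description of MFT.

```python
import ipaddress

# Constructed value for LoadBalancerIPAddressList; the addresses are assumptions.
LOAD_BALANCER_IP_ADDRESS_LIST = "10.0.0.5, 10.0.0.6"


def parse_address_list(value):
    """Split the comma-delimited parameter into a set of IP addresses."""
    return {ipaddress.ip_address(item.strip())
            for item in (value or "").split(",") if item.strip()}


def client_address(peer_ip, x_forwarded_for, lb_list):
    """Return the address to record as the source of an HTTP request.

    The header is honoured only when the TCP peer is one of the configured
    load balancers. A request arriving from any other address keeps its peer
    address, so a client cannot choose its own apparent source by adding the
    header itself.
    """
    peer = ipaddress.ip_address(peer_ip)
    trusted = parse_address_list(lb_list)
    if peer not in trusted or not x_forwarded_for:
        return str(peer)
    # The header may hold several hops. Walk it from the right, discarding
    # configured load balancers, and take the first address that is not one
    # of them. Any value a client placed in the header before it reached the
    # load balancer sits further left and is never reached. Multi-hop and
    # malformed-header handling is this example's assumption.
    for hop in reversed(x_forwarded_for.split(",")):
        hop = hop.strip()
        if not hop:
            continue
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return str(peer)  # malformed entry: fall back to the peer address
        if addr not in trusted:
            return str(addr)
    return str(peer)  # only load balancer addresses present
```

The returned address is the one that should appear in audit records and feed any IP-based restrictions, which is why the fallback is always the verified peer address rather than anything taken from the header.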
PasswordHashNew
  Default: SHA-256
  Description: Defines the hashing algorithm used when a user password is changed or a new user is created. Because the stored password is a hash, it cannot be decrypted.
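An added example, not MFT code, of what "the stored password is a hash" means in practice: verification never decrypts anything, it re-hashes the candidate with the record's own algorithm and salt and compares digests. It also shows why the parameter is named for new passwords: each record carries the algorithm it was written with, so changing PasswordHashNew affects only newly hashed records while older ones keep verifying. The "ALG$salthex$digesthex" record format, the per-user salt, and "SHA-512" as a second algorithm value are all assumptions of this example; the page itself only names SHA-256.

```python
import hashlib
import hmac
import os

# Page default for PasswordHashNew.
PASSWORD_HASH_NEW = "SHA-256"

# Maps the parameter value to a digest constructor. Only SHA-256 comes from
# the page; "SHA-512" is a hypothetical second value used to show how records
# hashed under an earlier setting keep verifying after the setting changes.
_DIGESTS = {"SHA-256": hashlib.sha256, "SHA-512": hashlib.sha512}


def hash_password(password, algorithm=PASSWORD_HASH_NEW, salt=None):
    """Produce a stored record "ALG$salthex$digesthex" (format is an assumption).

    A random per-user salt is added here; the page does not describe salting.
    """
    if algorithm not in _DIGESTS:
        raise ValueError(f"unsupported hash algorithm: {algorithm}")
    if salt is None:
        salt = os.urandom(16)
    digest = _DIGESTS[algorithm](salt + password.encode("utf-8")).hexdigest()
    return f"{algorithm}${salt.hex()}${digest}"


def verify_password(password, stored):
    """Check a password against a stored record.

    Nothing is decrypted: the candidate is hashed with the record's own
    algorithm and salt, and the two records are compared in constant time.
    """
    try:
        algorithm, salt_hex, _ = stored.split("$")
        salt = bytes.fromhex(salt_hex)
    except ValueError:
        return False
    if algorithm not in _DIGESTS:
        return False
    candidate = hash_password(password, algorithm, salt)
    return hmac.compare_digest(candidate, stored)


def stored_algorithm(stored):
    """Report which algorithm a record was written with."""
    return stored.split("$")[0]
```

Because verification reads the algorithm from the record rather than from PasswordHashNew, a record written under an earlier setting still verifies, and it is only rewritten with the current algorithm the next time that user's password changes.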
PrivacyPolicyURL
  Default: No default
  Description: Defines the URL of the privacy policy link that is added to the footer of each browser page. When no value is defined, the footer does not contain a privacy policy link. When any value is defined, the View Privacy Policy link is displayed in the footer of each page; clicking this link opens the privacy policy page.
  Note: MFT does not provide a privacy policy page. You must define the privacy policy page that the View Privacy Policy link opens.
SessionTimeOut
  Default: 30
  Description: Defines the session timeout in minutes for active SFTP connections and FTP control connections. If the connection is inactive for longer than the time defined, the next request fails. The HTTP timeout is set by the SessionTimeOut parameter configured in the <MFT_Install>/server/conf/cfcc/xml directory.

SmtpTLSEnabled
  Default: false
  Description: Defines whether SSL/TLS is used when communicating with an SMTP server.
  Valid values:
    false: SSL/TLS is not used.
    true: The SMTP communication is performed using SSL/TLS.

UnsecuredHTTPSupport
  Default: NO
  Description: Defines whether HTTP requests are accepted. The default value of NO indicates that HTTP requests are not accepted. Specifying YES allows HTTP requests if an HTTP connector is defined.

SSHSecurityLevel
  Default: No default
  Description: Controls the SSH security level. Based on this setting, the cipher, hash, and key are chosen automatically. The valid values are Weak, Strong, and Paranoid; any other value is treated as if the parameter were not set. If this value is specified, the settings for SSHCipherSuite, SSHKeyExchange, and SSHDigestSuite are ignored. If this value is not specified, there is no change.
  Note: This setting is quite strict, and many clients might stop working at the Strong or Paranoid level.