Security and Network
Security Configuration
Password Expires After Day(s): The amount of time a user’s Dashboard password can remain the same before they are forced to change it.
Minimum Password Length: The minimum length that a user’s password can be set to. If a user tries to set a password shorter than this it will be rejected and they will need to set a new one.
Prevent Users From Using Last Password(s): If this is set to 15 for example, users cannot create a new password which is the same as any of their last 15 passwords.
Prevent Users From Using Compromised Passwords: This prevents the user from creating a new password which has been compromised. Compromised status is ascertained by reference to the haveibeenpwned API ( https://haveibeenpwned.com/API/v3 )
Prevent Users From Using Weak Passwords: This prevents the user from creating a new password which our password strength estimation algorithm considers ‘weak’.
Max Failed Logins: The number of times a user can attempt to log in with an incorrect username or password before their account is locked.
Captcha At Failed Logins: The number of failed login attempts by a user before a captcha image is displayed.
User Sessions Timeout After Minutes Of Inactivity: The amount of time a dashboard session will remain active if it is not being used.
JWT Auth Public Key: If you are using JWT Authentication this is where you enter (as one line, no spaces) the Base 64 String Version of your public key. See ‘Authentication’ for more information.
Enable concurrent log ins for a single user: This will allow multiple browser sessions to connect using the same piDashboard username, if the licence you are using also supports this. If this is not enabled (and/or the licence doesn’t support it) then subsequent logins will succeed, but they will automatically log out prior sessions.
Logging Settings
Setting the log level
Setting the log level of an application decides the amount of content to be saved to log files. It means we are interested in the current and above levels.
Severity from high to low: Fatal, Error, Warn, Info, Debug, Trace
e.g. Setting it to Warn, means
Fatal, Error, Warn logs (current and above levels) are output into log files,
Info, Debug, Trace logs (lower than this level) are ignored, these events don’t output content to log files
Error is the least granular/least verbose and debug is the most. These settings should be left to ‘Error’ unless you’re trying to investigate an issue.
Debug can be very intensive so should only be used on a temporary basis.
Log Levels and their meaning
When an application outputs logs to log files, the content is marked with a log level. The log level indicates the severity of an event.
Fatal - A log message at Fatal level indicates a system down event
Error - A log message at Error level indicates something is broken, while the system is still running (We log 500 level errors as Error)
Warn - A log message at Warn level is an unintended event that can be recovered (We log 400 level errors as Warn)
Info - Info level message captures a system event e.g. service start/stop, configuration assumptions, etc
Debug - Debug messages contain information that is diagnostically helpful, typically it has data values related to certain events
Trace - Trace level logs provide verbose content for events in a system. (We don’t log Trace level logs in our system)
Error Codes
500 level - A 500 level error is a system error, which is not recoverable from the user’s perspective
400 level - A 400 level error is a user error. The system doesn’t have any problem, and the user is doing something unintended. For example
400 - bad data is submitted, e.g. text is too long, number is too low, data format is incorrect
401 - user fails to log in, e.g. username password don’t match
403 - user is logged in but doesn’t have permission to perform a task, e.g. non-admin tries to delete a user
404 - page doesn’t exist
Features and Performance
Overall display limit for list of values - controls the max amount of data can be displayed on a list or tree list. This change is only implemented in the following areas:
Users screen
Every tab on the User Access screen, including ‘Sync User Access’
The User selection screen in Scheduler
Display limit for sub list values - when it's a tree list, this is the max number allowed for displaying the sub list. When it's over the limit, a message will be displayed
Tree Structure:
The tree structure can be collapsed or expanded - if the data is less than the overall limit (X), it expands everything initially, otherwise everything is collapsed
The filter feature only includes expanded content - this is why everything is expanded initially if possible
When sub list is over the sub list limit (Y), the system suggests using the filter to reduce the numbers so that the list can be displayed with less items
When expanded items can potentially show more than the overall limit (X), the system stops expanding the list (the expanding button turns red)
Flat Structure:
When items are over the display limit (X), it creates pagination
If the pagination is more than 5 pages, users can enter a number to paginate
If the pagination is no more than 5 pages, users can click the pages to paginate
The filter filters all the data, it doesn't have the same constraints as the tree structure
Enable Variables on Object Labels - this option allows the use of Variables in the Object label field in Dashboard Configuration>Data Connections. Please refer to this page for more information.
Network Configuration
Load Balancer Settings: If you have configured load balancing (Load Balancing) and wish to utilise it click this button.
AWS IAM Credentials
Please refer to this section in our documentation on AWS Cloudformation Deployment for further information.
Server Settings
SMTP Server Instructions: for the dashboard to connect to your email server. The example shown is for Office365. SSL and TLS refer to the encryption configuration for your SMTP mail server
By default, the ‘Allow Unverified Security Certificates’ box will be unticked which will allow for the security checks to be carried out for the certificates used.
This functionality will affect the certificates used for forgotten password emails and scheduler emails.
Time Zone Location Settings
The Scheduler was previously locked to UTC and this could cause problems when the clocks changed due to Daylight Savings. With effect from the October 2022 release of the Dashboard, we’ve introduced a ‘Time Zone Location Setting’, which will allow users to define a custom time zone that will be used in Scheduler. Click the drop-down list to select the relevant time zone.
CUSTOMER NEWS - Our November 24 Release Is Now Available - Download It Now!