Security

Article Topics: Customization, One Click Systems

The Configuration Admin's "Security" section contains options to configure who can access secure areas of your NATS program.

Admin IPs

  • Admin IPs - A comma-delimited list of IPs allowed for admin access. Leave empty to disable.

  • Tmm Admin IPs - IP Addresses for Too Much Media's admin access. Used by TMM Admins.

  • Remote Auth IPs - Set secure IP Addresses permitted for remote authentication of reseller accounts.

  • Secure IPs - Secure IP Addresses permitted to post login log entries.

  • Shop Allowed IPs - Secure IP Addresses allowed to post shop transactions.

  • Extended Track Allowed IPs - Comma-delimited list of IPs authorized to post extended sales. Leave empty if not set.

APIs

  • Admin API Allowed IPs - Set the IP addresses allowed to access the Admin API.

  • Enable SOAP API - Set whether to enable the SOAP API.

  • Enable REST API - Set whether to enable the REST API.

Data Encryption

  • Encrypt Member Username - Encrypt member usernames. Encrypted member usernames will be in lowercase.

Please Note: Username encryption may impact member authentication processes. Reach out to TMM before making changes.

  • Encrypt Member Password - Encrypt member passwords.

  • Encrypt Member Email - Encrypt member email addresses.

  • Encrypt Member First Name - Encrypt member first names.

  • Encrypt Member Lastname - Encrypt member last names.

  • Encrypt Member Address - Encrypt member addresses.

  • Encrypt Member Temp - Encrypt member temp table.

  • Encrypt Member Note - Encrypt member notes.

  • Encrypt Memberip - Encrypt members' IP addresses.

  • Encrypt Surferip - Encrypt surfers' IP addresses.

  • Encrypt ATVOD Verification - Encrypt sensitive ATVOD verification information.

  • Encrypt Affiliate Email - Encrypt affiliate email addresses.

  • Encrypt Affiliate Info - Encrypt affiliate private information.

  • Encrypt Payvia - Encrypt affiliate payment information.

  • Encrypt Mail Queue - Encrypt send-to addresses and variables in the mail queue.

  • Encrypt Config - Encrypt configuration information.

  • Encrypt Postbacks - Encrypt data stored in NATS for delayed (and retried) postbacks.

  • Decrypt Option Biller - Keep option biller details decrypted.

  • Decrypt Site Biller - Keep site biller details decrypted.

Document Upload

  • Documents Secure Ext - Comma-delimited list of extensions allowed for document upload.

  • Documents Secure Ips - Comma-delimited list of IPs allowed for document upload.

Throttling

  • Throttle White List IPs - Comma-delimited list of IPs allowed to skip throttling checks.

  • Throttle Black List IPs - Comma-delimited list of IPs to automatically fail throttling checks.

  • Throttle Approved - Turn on throttle checking for the approved.php page (initial member approval template).

  • Throttle Approved Max Count - Maximum number of attempts to approved.php page from a single IP address (initial member approval template).

  • Throttle Approved Time Limit - Number of seconds to wait to clear past hit attempts to approved.php page (initial member approval template).

  • Throttle Upgradeplus - Turn on throttle checking for the upgradeplus.php page (instant upgrades).

  • Throttle Upgradeplus Max Count - Maximum number of attempts to upgradeplus.php page from a single IP address (instant upgrades).

  • Throttle Upgradeplus Time Limit - Number of seconds to wait to clear past hit attempts to upgradeplus.php page (instant upgrades).

  • Throttle Upgraded - Turn on throttle checking for the upgraded.php page (member upgraded templates).

  • Throttle Upgraded Max Count - Maximum number of attempts to upgraded.php page from a single IP address (member upgraded templates).

  • Throttle Upgraded Time Limit - Number of seconds to wait to clear past hit attempts to upgraded.php page (member upgraded templates).

  • Throttle Upsellplus - Turn on throttle checking for the upsellplus.php page (upsells).

  • Throttle Upsellplus Max Count - Maximum number of attempts to upsellplus.php page from a single IP address (upsells).

  • Throttle Upsellplus Time Limit - Number of seconds to wait to clear past hit attempts to upsellplus.php page (upsells).

  • Throttle Packageplus - Turn on throttle checking for the packageplus.php page (package upgrades).

  • Throttle Packageplus Max Count - Maximum number of attempts to packageplus.php page from a single IP address (package upgrades).

  • Throttle Packageplus Time Limit - Number of seconds to wait to clear past hit attempts to packageplus.php page (package upgrades).

  • Throttle Tokenplus - Turn on throttle checking for the tokenplus.php page (token rebuys).

  • Throttle Tokenplus Max Count - Maximum number of attempts to tokenplus.php page from a single IP address (token rebuys).

  • Throttle Tokenplus Time Limit - Number of seconds to wait to clear past hit attempts to tokenplus.php page (token rebuys).

  • Throttle Cancelplus - Turn on throttle checking for the cancelplus.php page (member subscription cancel requests).

  • Throttle Cancelplus Max Count - Maximum number of attempts to cancelplus.php page from a single IP address (member subscription cancel requests).

  • Throttle Cancelplus Time Limit - Number of seconds to wait to clear past hit attempts to cancelplus.php page (member subscription cancel requests).

  • Throttle Duplicate - Turn on throttle checking for the duplicate.php page (duplicate membership on signup).

  • Throttle Duplicate Max Count - Maximum number of attempts to duplicate.php page from a single IP address (duplicate membership on signup).

  • Throttle Duplicate Time Limit - Number of seconds to wait to clear past hit attempts to duplicate.php page (duplicate membership on signup).

  • Throttle Verifyplus - Turn on throttle checking for the verifyplus.php page (member address verification for ATVOD).

  • Throttle Verifyplus Max Count - Maximum number of attempts to verifyplus.php page from a single IP address (member address verification for ATVOD).

  • Throttle Verifyplus Time Limit - Number of seconds to wait to clear past hit attempts to verifyplus.php page (member address verification for ATVOD).

  • Throttle Signupplus - Turn on throttle checking for the signupplus.php page (expired member one-click signup).

  • Throttle Signupplus Max Count - Maximum number of attempts to signupplus.php page from a single IP address (expired member one-click signup).

  • Throttle Signupplus Time Limit - Number of seconds to wait to clear past hit attempts to signupplus.php page (expired member one-click signup).

  • Throttle Signup Validation - Turn on throttle checking for the signup_validation.php page (perform validation on passed-in data).

  • Throttle Signup Validation Max Count - Maximum number of attempts to signup_validation.php page from a single IP address (perform validation on passed-in data).

  • Throttle Signup Validation Time Limit - Number of seconds to wait to clear past hit attempts to signup_validation.php page (perform validation on passed-in data).

  • Throttle Password - Turn on throttle checking for the password.php page (member forgot password page).

  • Throttle Password Max Count - Maximum number of attempts to password.php page from a single IP address (member forgot password page).

  • Throttle Password Time Limit - Number of seconds to wait to clear past hit attempts to password.php page (member forgot password page).

  • Throttle Forget Member - Turn on throttle checking for the PATCH /member/forget API function.

  • Throttle Forget Member Max Count - Maximum number of attempts to the PATCH /member/forget API function from a single IP address.

  • Throttle Forget Member Time Limit - Number of seconds to wait to clear past hit attempts to the PATCH /member/forget API function.

  • Throttle Login - Turn on throttle checking for the login.php page (member login page) for the OpenID server.

  • Throttle Login Max Count - Maximum number of attempts to login.php page from a single IP address (member login page) for the OpenID server.

  • Throttle Login Time Limit - Number of seconds to wait to clear past hit attempts to login.php page (member login page) for the OpenID server.
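
How a per-page throttle built from an on/off switch, a Max Count, a Time Limit and the two IP lists can behave, as an added example that is not NATS code. The class and function names, the sample values, the rule that the black list is checked before the white list, and the reading of Time Limit as a sliding window are all assumptions made for illustration.

```python
import ipaddress
from collections import deque

def parse_ip_list(value):
    """Parse a comma-delimited IP setting; an empty value yields an empty set.
    A malformed entry raises ValueError instead of being silently ignored."""
    return {ipaddress.ip_address(p.strip()) for p in value.split(",") if p.strip()}

class PageThrottle:
    """Hypothetical model of one page's throttle settings (not the NATS implementation)."""

    def __init__(self, enabled, max_count, time_limit, white_list="", black_list=""):
        self.enabled = enabled
        self.max_count = max_count      # attempts permitted per IP
        self.time_limit = time_limit    # seconds before a past hit is cleared
        self.white = parse_ip_list(white_list)
        self.black = parse_ip_list(black_list)
        self.hits = {}                  # IP -> timestamps of recent hits

    def allow(self, ip, now):
        """Return True if a hit from `ip` at time `now` (seconds) passes.
        `ip` should be the peer address of the connection, because a
        client-supplied header would let the sender pick its own bucket."""
        if not self.enabled:
            return True
        addr = ipaddress.ip_address(ip)
        if addr in self.black:          # assumption: deny wins over allow
            return False
        if addr in self.white:
            return True
        # Only max_count + 1 timestamps are needed to decide, so memory per IP
        # stays bounded even when a client keeps sending requests.
        hits = self.hits.setdefault(addr, deque(maxlen=self.max_count + 1))
        while hits and now - hits[0] >= self.time_limit:
            hits.popleft()              # clear hits older than the time limit
        hits.append(now)                # rejected hits count too
        return len(hits) <= self.max_count

# Constructed sample settings for one page (documentation-range addresses).
PASSWORD_PAGE = dict(enabled=True, max_count=3, time_limit=60,
                     white_list="192.0.2.10", black_list="198.51.100.7")

def replay(throttle, events):
    """Run constructed (timestamp, ip) events through a throttle."""
    return [throttle.allow(ip, t) for t, ip in events]
```

Because rejected hits are recorded as well, a client that keeps retrying stays blocked until its earlier attempts age out of the window.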

Auth Strings

  • Member String Auth Cancelplus - Set whether to require authstring to process hits on cancelplus.php.

  • Member String Auth Packageplus - Set whether to require authstring to process hits on packageplus.php.

  • Member String Auth Tokenplus - Set whether to require authstring to process hits on tokenplus.php.

  • Member String Auth Upgradeplus - Set whether to require authstring to process hits on upgradeplus.php.

  • Member String Auth Upsellplus - Set whether to require authstring to process hits on upsellplus.php.

  • Member String Auth Signupplus - Set whether to require authstring to process hits on signupplus.php.

Input Source

  • Packageplus Post Only - Set whether to require input for packageplus.php to be $_POST only (otherwise, it will be $_REQUEST).

  • Tokenplus Post Only - Set whether to require input for tokenplus.php to be $_POST only (otherwise, it will be $_REQUEST).

  • Cancelplus Post Only - Set whether to require input for cancelplus.php to be $_POST only (otherwise, it will be $_REQUEST).

  • Signupplus Post Only - Set whether to require input for signupplus.php to be $_POST only (otherwise, it will be $_REQUEST).

Two Factor Authentication

  • G2FA Window - Set the allowed difference in time between the time on the user's device and the time on the server.
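
What a verification window means for time-based one-time codes, as an added example that is not NATS code. It uses standard TOTP (RFC 6238, HMAC-SHA1, 30-second steps, 6 digits) and assumes the window is counted in time steps either side of the server's clock; the unit NATS uses is not stated on this page. The function names and the `last_counter` replay check are illustrative.

```python
import hashlib
import hmac
import struct

STEP = 30     # seconds per time step (RFC 6238 default)
DIGITS = 6

def totp(secret: bytes, counter: int) -> str:
    """One-time code for a single time-step counter (RFC 4226 truncation)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def verify(secret: bytes, code: str, server_time: int, window: int, last_counter: int = -1):
    """Return the time-step counter the code matched, or None.

    window: accepted clock drift in steps either side of the server's step
            (assumed unit). Each extra step keeps a code valid 30 s longer.
    last_counter: highest counter already accepted for this user; codes at or
            below it are refused so a captured code cannot be reused.
    """
    current = int(server_time) // STEP
    match = None
    for counter in range(current - window, current + window + 1):
        if counter < 0 or counter <= last_counter:
            continue
        # Constant-time comparison; every candidate step is always checked.
        if hmac.compare_digest(totp(secret, counter).encode(), code.encode()):
            match = counter
    return match

# RFC 6238 test secret; the device clock reads 59 s, i.e. time step 1.
SECRET = b"12345678901234567890"
DEVICE_CODE = totp(SECRET, 59 // STEP)
```

With the server clock 30 seconds ahead of the device, `verify(SECRET, DEVICE_CODE, 89, 0)` rejects the code while a window of 1 accepts it.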
