# Security

*Article Topics:* [*Customization*](https://docs.toomuchmedia.com/getting-started/common-topics/customization)*,* [*One Click Systems*](https://docs.toomuchmedia.com/getting-started/common-topics/one-click-systems)

The Configuration Admin's "Security" section contains options to configure who can access secure areas of your NATS program.

{% hint style="warning" %}
**Important:** Be careful editing these settings, as you can easily lock yourself out.
{% endhint %}

## Admin IPs

* **Admin IPs** - A comma-delimited list of IPs allowed for admin access. Leave empty to disable.
* **Tmm Admin IPs** - IP addresses for Too Much Media's admin access. Used by TMM Admins.
* **Remote Auth IPs** - Secure IP addresses permitted for remote authentication of reseller accounts.
* **Secure IPs** - Secure IP addresses permitted to post login log entries.
* **Shop Allowed IPs** - Secure IP addresses allowed to post shop transactions.
* **Extended Track Allowed IPs** - Comma-delimited list of IPs authorized to post extended sales. Leave empty if not set.

## APIs

* **Admin API Allowed IPs** - Set the IP addresses allowed to access the Admin API.
* **Enable SOAP API** - Set whether to enable the SOAP API.
* **Enable REST API** - Set whether to enable the REST API.

## Data Encryption

{% hint style="warning" %}
**Important:** CHANGES TO THIS WILL NOT AFFECT ALREADY ENCODED DATA. [Please put in a ticket with TMM](https://clients.toomuchmedia.com/index.php?tmmatt=1) if you want to make any changes to encryption.
{% endhint %}

* **Encrypt Member Username** - Encrypt member usernames. Encrypted member usernames will be in lowercase.

{% hint style="info" %}
**Please Note:** Username encryption may impact member authentication processes. [Reach out to TMM](https://clients.toomuchmedia.com/index.php?tmmatt=1) before making changes.
{% endhint %}

* **Encrypt Member Password** - Encrypt member passwords.
* **Encrypt Member Email** - Encrypt member email addresses.
* **Encrypt Member First Name** - Encrypt member first names.
* **Encrypt Member Lastname** - Encrypt member last names.
* **Encrypt Member Address** - Encrypt member addresses.
* **Encrypt Member Temp** - Encrypt member temp table.
* **Encrypt Member Note** - Encrypt member notes.
* **Encrypt Memberip** - Encrypt members' IP addresses.
* **Encrypt Surferip** - Encrypt surfers' IP addresses.
* **Encrypt ATVOD Verification** - Encrypt sensitive ATVOD verification information.
* **Encrypt Affiliate Email** - Encrypt affiliate email addresses.
* **Encrypt Affiliate Info** - Encrypt affiliate private information.
* **Encrypt Payvia** - Encrypt affiliate payment information.
* **Encrypt Mail Queue** - Encrypt send-to addresses and variables in the mail queue.
* **Encrypt Config** - Encrypt configuration information.
* **Encrypt Postbacks** - Encrypt data stored in NATS for delayed (and retried) postbacks.
* **Decrypt Option Biller** - Keep option biller details decrypted.
* **Decrypt Site Biller** - Keep site biller details decrypted.

## Document Upload

* **Documents Secure Ext** - Comma-delimited list of extensions allowed for document upload.
* **Documents Secure Ips** - Comma-delimited list of IPs allowed for document upload.

## Throttling

* **Throttle White List IPs** - Comma-delimited list of IPs that skip throttling checks.
* **Throttle Black List IPs** - Comma-delimited list of IPs that automatically fail throttling checks.
* **Throttle Approved** - Turn on throttle checking for the approved.php page (initial member approval template).
* **Throttle Approved Max Count** - Maximum number of attempts to approved.php page from a single IP address (initial member approval template).
* **Throttle Approved Time Limit** - Number of seconds to wait to clear past hit attempts to approved.php page (initial member approval template).
* **Throttle Upgradeplus** - Turn on throttle checking for the upgradeplus.php page (instant upgrades).
* **Throttle Upgradeplus Max Count** - Maximum number of attempts to upgradeplus.php page from a single IP address (instant upgrades).
* **Throttle Upgradeplus Time Limit** - Number of seconds to wait to clear past hit attempts to upgradeplus.php page (instant upgrades).
* **Throttle Upgraded** - Turn on throttle checking for the upgraded.php page (member upgraded templates).
* **Throttle Upgraded Max Count** - Maximum number of attempts to upgraded.php page from a single IP address (member upgraded templates).
* **Throttle Upgraded Time Limit** - Number of seconds to wait to clear past hit attempts to upgraded.php page (member upgraded templates).
* **Throttle Upsellplus** - Turn on throttle checking for the upsellplus.php page (upsells).
* **Throttle Upsellplus Max Count** - Maximum number of attempts to upsellplus.php page from a single IP address (upsells).
* **Throttle Upsellplus Time Limit** - Number of seconds to wait to clear past hit attempts to upsellplus.php page (upsells).
* **Throttle Packageplus** - Turn on throttle checking for the packageplus.php page (package upgrades).
* **Throttle Packageplus Max Count** - Maximum number of attempts to packageplus.php page from a single IP address (package upgrades).
* **Throttle Packageplus Time Limit** - Number of seconds to wait to clear past hit attempts to packageplus.php page (package upgrades).
* **Throttle Tokenplus** - Turn on throttle checking for the tokenplus.php page (token rebuys).
* **Throttle Tokenplus Max Count** - Maximum number of attempts to tokenplus.php page from a single IP address (token rebuys).
* **Throttle Tokenplus Time Limit** - Number of seconds to wait to clear past hit attempts to tokenplus.php page (token rebuys).
* **Throttle Cancelplus** - Turn on throttle checking for the cancelplus.php page (member subscription cancel requests).
* **Throttle Cancelplus Max Count** - Maximum number of attempts to cancelplus.php page from a single IP address (member subscription cancel requests).
* **Throttle Cancelplus Time Limit** - Number of seconds to wait to clear past hit attempts to cancelplus.php page (member subscription cancel requests).
* **Throttle Duplicate** - Turn on throttle checking for the duplicate.php page (duplicate membership on signup).
* **Throttle Duplicate Max Count** - Maximum number of attempts to duplicate.php page from a single IP address (duplicate membership on signup).
* **Throttle Duplicate Time Limit** - Number of seconds to wait to clear past hit attempts to duplicate.php page (duplicate membership on signup).
* **Throttle Verifyplus** - Turn on throttle checking for the verifyplus.php page (member address verification for ATVOD).
* **Throttle Verifyplus Max Count** - Maximum number of attempts to verifyplus.php page from a single IP address (member address verification for ATVOD).
* **Throttle Verifyplus Time Limit** - Number of seconds to wait to clear past hit attempts to verifyplus.php page (member address verification for ATVOD).
* **Throttle Signupplus** - Turn on throttle checking for the signupplus.php page (expired member one-click signup).
* **Throttle Signupplus Max Count** - Maximum number of attempts to signupplus.php page from a single IP address (expired member one-click signup).
* **Throttle Signupplus Time Limit** - Number of seconds to wait to clear past hit attempts to signupplus.php page (expired member one-click signup).
* **Throttle Signup Validation** - Turn on throttle checking for the signup\_validation.php page (perform validation on passed-in data).
* **Throttle Signup Validation Max Count** - Maximum number of attempts to signup\_validation.php page from a single IP address (perform validation on passed-in data).
* **Throttle Signup Validation Time Limit** - Number of seconds to wait to clear past hit attempts to signup\_validation.php page (perform validation on passed-in data).
* **Throttle Password** - Turn on throttle checking for the password.php page (member forgot password page).
* **Throttle Password Max Count** - Maximum number of attempts to password.php page from a single IP address (member forgot password page).
* **Throttle Password Time Limit** - Number of seconds to wait to clear past hit attempts to password.php page (member forgot password page).
* **Throttle Forget Member** - Turn on throttle checking for the PATCH /member/forget API function.
* **Throttle Forget Member Max Count** - Maximum number of attempts to the PATCH /member/forget API function from a single IP address.
* **Throttle Forget Member Time Limit** - Number of seconds to wait to clear past hit attempts to the PATCH /member/forget API function.
* **Throttle Login** - Turn on throttle checking for the login.php page (member login page) for the OpenID server.
* **Throttle Login Max Count** - Maximum number of attempts to login.php page from a single IP address (member login page) for the OpenID server.
* **Throttle Login Time Limit** - Number of seconds to wait to clear past hit attempts to login.php page (member login page) for the OpenID server.
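
The following is an added illustration, not NATS code: a small Python model of how one page's three throttle settings (on/off, Max Count, Time Limit) and the two IP lists could interact, useful for reasoning about values before changing them. The class and parameter names are hypothetical, and the evaluation order (black list before white list, rejected attempts still counted, lists ignored when the page's throttle is off) is an assumption this page does not specify.

```python
import ipaddress
from collections import defaultdict, deque


class PageThrottle:
    """Illustrative model of throttling for a single page (assumed semantics)."""

    def __init__(self, enabled, max_count, time_limit, white_list="", black_list=""):
        self.enabled = enabled            # e.g. "Throttle Password"
        self.max_count = max_count        # e.g. "Throttle Password Max Count"
        self.time_limit = time_limit      # e.g. "Throttle Password Time Limit" (seconds)
        self.white = self._parse(white_list)
        self.black = self._parse(black_list)
        self.hits = defaultdict(deque)    # ip -> timestamps of past attempts

    @staticmethod
    def _parse(csv):
        # Comma-delimited list; a malformed entry raises ValueError instead of
        # being silently ignored, so a typo cannot quietly change who is exempt.
        return {ipaddress.ip_address(p.strip()) for p in csv.split(",") if p.strip()}

    def check(self, ip, now):
        """Return True if the hit may proceed, False if it fails the check."""
        addr = ipaddress.ip_address(ip)
        if not self.enabled:
            return True
        if addr in self.black:            # assumption: black list wins over white list
            return False
        if addr in self.white:
            return True
        past = self.hits[addr]
        # Clear attempts older than the time limit, then record this one.
        while past and now - past[0] >= self.time_limit:
            past.popleft()
        past.append(now)                  # rejected attempts are counted too
        return len(past) <= self.max_count


if __name__ == "__main__":
    # Constructed sample: 3 attempts per 60 seconds, documentation-range IPs.
    t = PageThrottle(True, 3, 60, white_list="203.0.113.5",
                     black_list="198.51.100.9, 198.51.100.10")
    for second in (0, 10, 20, 30, 61, 200):
        print(second, t.check("192.0.2.1", second))
```

In this model a client that keeps retrying while blocked stays blocked, because each rejected attempt refreshes its history; it is only allowed again after a quiet period of the full time limit.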

## Auth Strings

* **Member String Auth Cancelplus** - Set whether to require authstring to process hits on cancelplus.php.
* **Member String Auth Packageplus** - Set whether to require authstring to process hits on packageplus.php.
* **Member String Auth Tokenplus** - Set whether to require authstring to process hits on tokenplus.php.
* **Member String Auth Upgradeplus** - Set whether to require authstring to process hits on upgradeplus.php.
* **Member String Auth Upsellplus** - Set whether to require authstring to process hits on upsellplus.php.
* **Member String Auth Signupplus** - Set whether to require authstring to process hits on signupplus.php.

## Input Source

* **Packageplus Post Only** - Set whether to require input for packageplus.php to be $\_POST only (otherwise, it will be $\_REQUEST).
* **Tokenplus Post Only** - Set whether to require input for tokenplus.php to be $\_POST only (otherwise, it will be $\_REQUEST).
* **Cancelplus Post Only** - Set whether to require input for cancelplus.php to be $\_POST only (otherwise, it will be $\_REQUEST).
* **Signupplus Post Only** - Set whether to require input for signupplus.php to be $\_POST only (otherwise, it will be $\_REQUEST).

## Two Factor Authentication

* **G2FA Window** - Set the allowed difference in time between the time on the user's device and the time on the server.
