This is an old revision of the document!
Security Settings
To allow users with Internet Explorer to acces Stages, set the global.secureMode.IEAccess
config property in config.xml
either to non_root
(= all users except root) or all_users
.
Unmanaged HTML sections in descriptions are an inherent security risk, because process modelers could open the system up to XSS vulnerabilities. Therefore, those features were disabled by default.
To reenable the handling for unmanaged HTML sections in descriptions, set the process.description.displayUnmanagedSections.enabled
and legacy.description.migration.unmanagedSection.templates properties
to true
in config.xml
.
We highly recommend to make those changes only if the respective impact on security is well understood.