Here are some additional features that require system setup to use.
Loading...
Loading...
System Properties is a table within Cinchy for managing system properties, such as default time zones, system lockout durations, password expirations, password properties, password attempts allowed etc.
The Default of the Systems Properties table is set up as follows:
Please note that this table is case sensitive.
The System Properties requirements can be changed by an admin user simply by editing the 'Value' columns where applicable:
Users can set their own time zones in their user profile. If a user does not set one up, the system default time zone will take effect. If this property does not exist or is invalid, the default time zone will default to UTC.
The minimum password length is 8 characters and it will default to 8 if an invalid value is provided. However, this number can be changed in the 'Value' column to require users to have longer or shorter passwords.
This property specifies whether symbols are required in a user's password. The 'Value' 0 means symbols are not required and 1 means they are required.
This property specifies whether numbers are required in a user's password. The 'Value' 0 means numbers are not required and 1 means they are required.
For a new password policy to take effect, you can set all user's Password Expiration Timestamp to yesterday. They will need to change their password the next time they attempt to log in.
This property specifies how many days until a password expires. Defaults to 90 but can be set to be shorter or longer by changing the number in the 'Value' column.
This property specifies how many bad password attempts a user can make before they are locked out of the system. The default is 3 but this can be set to be more or less attempts by changing the number in the 'Value' column.
This property specifies how long a user is locked out of the system once they've run out of bad password attempts. The default is 15min but this can be set to be shorter or longer by changing the number in the 'Value' column.
Note that an administrator can also go into the 'Users' table to manually unlock a user by clearing the Locked Timestamp.
This is a property, defaulted to 0, that is simply responsible for showing this warning when a data owner is setting up Data Erasure or Data Compression on a table. It is the administrator's responsibility to set up a scheduled maintenance job for performing compression and erasure, and then to change the property to 1 so that the warning no longer appears.
There is a new Cinchy table called Forbidden Passwords. This table comes with a prepopulated list of passwords from https://www.ncsc.gov.uk/static-assets/documents/PwnedPasswordsTop100k.txt
You can add more blocked passwords to this list as well, and users will not be able to set their password to it (this can be used to add your company's name, or to import other blocked password lists). The check against the list is case insensitive.
Like other password policies, this check occurs when your password changes, so to enforce this you will need to set all passwords to be expired.
Property ID
Name
Value (Default)
2
Default Time Zone
Eastern Standard Time
12
Password Attempts Allowed
3
13
System Lockout Duration (minutes)
15
8
Minimum Password Length
8
9
Password Requires Symbols
1
10
Password Requires Numbers
1
11
Password Expiration (Days)
90
15
Maintenance Enabled
0
How to enable and other information in relation to REST Encryption
Cinchy 2.0 has added the feature to encrypt data at rest. This means that you can encrypt data in the database such that users with access to view data in the database will see ciphertext in those columns. However, all users with authorized access to the data via Cinchy will see the data as plain text.
In order to use this feature, your database administrator will be need to create a database master key (see below for instructions).
Connect directly to the database Cinchy is currently using.
Run the below query to create your master key - password to be used should adhere to your organization's password policy.
You can now encrypt data via the user interface
After you have created your master key you can create a backup file of that key in case any data corruption occurs in future. You will need the password you used to create your master key in order to complete this operation.
Further documentation.
In the use case where you require to restore your master key due to data corruption use the command below to do so. You will need the password you used to create you master key in order to complete this operation.
Further documentation.