=head1 NAME

SecureProtect

=head1 Synopsis

In catalog.cfg:

    SecureProtect  active  yes
    SecureProtect  secret  VerySecureYESIAM

=head1 Description

This is a defense against "sidejacking", the collection of a session cookie
by a host on an unsecured network.

When SecureProtect is active, the UserDB login process creates a passhash
of the encrypted password. This, along with username, login_table, and
a "secret" set in the configuration, is used to check subsequent secure
accesses to the catalog.

=over

=item active

Yes or No (or any Interchange YesNo value) to determine if SecureProtect
is used. Default: no

=item page

The Interchange page to relocate to. Default: login

=item secret

The "secret" hash to add to username and other key values for security.
If you change this, all your users will have to re-authenticate at
a secure page. Change the default value, please.

=item keys

The session values to hash with the "secret" to build the hash value.
Default is username,login_table,passhash. This shouldn't need to be changed;
do so at your own risk.

=item destination

The CGI variable name to store the previous page ($CGI::path_info) in.
Used to generate a redirect to the original destination upon
re-authentication.

=item authexpire

The amount of time (in Interchange duration, a la SessionExpire) that
you will allow one hashing to last. Default is 7 days. After that time
without logging in, the user will be forced to re-authenticate.

=back

=cut
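=head1 Example

The check described above, written out as an added example; it is not Interchange's own code. The hash construction is not specified in this document, so HMAC-SHA256 with a length-prefixed input and an "issued_at:mac" token layout is assumed here, and the function names (C<make_token>, C<ct_eq>, C<check_token>) and session values are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Constructed sample values; none of these come from a real catalog.
my $SECRET     = 'VerySecureYESIAM';                  # "secret" value from the synopsis
my @KEYS       = qw(username login_table passhash);   # default "keys"
my $AUTHEXPIRE = 7 * 24 * 60 * 60;                    # default "authexpire": 7 days

# Build "issued_at:mac" (assumed layout). Each value is length-prefixed so
# that ("ab","c") and ("a","bc") cannot produce the same MAC input.
sub make_token {
    my ($session, $issued_at) = @_;
    my $data = join '', map {
        my $v = $session->{$_} // '';
        length($v) . ':' . $v
    } @KEYS;
    return $issued_at . ':' . hmac_sha256_hex("$issued_at|$data", $SECRET);
}

# Compare two strings without stopping at the first differing byte.
sub ct_eq {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Returns 'ok', 'expired' or 'mismatch'. Anything but 'ok' means the request
# is relocated to "page", with the original path kept in "destination".
sub check_token {
    my ($session, $token, $now) = @_;
    my ($issued_at) = ($token // '') =~ /\A(\d+):[0-9a-f]{64}\z/ or return 'mismatch';
    return 'mismatch' unless ct_eq($token, make_token($session, $issued_at));
    return 'expired'  if $now - $issued_at > $AUTHEXPIRE;
    return 'ok';
}

my %session = (username => 'alice', login_table => 'userdb', passhash => 'c0ffee');
my $t0      = 1_700_000_000;
my $token   = make_token(\%session, $t0);

print check_token(\%session, $token, $t0 + 3600), "\n";                      # same session, one hour later
print check_token({ %session, username => 'mallory' }, $token, $t0), "\n";   # token presented for another user
print check_token(\%session, $token, $t0 + 8 * 86400), "\n";                 # older than authexpire
print check_token({ %session, passhash => 'changed' }, $token, $t0), "\n";   # password changed since login
```

Because the secret is the MAC key, changing it makes every stored token fail verification, which is why all users must then re-authenticate.

=cut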