The following sections provides a summary of security-related configuration settings for QuickFinder:
The following table lists the QuickFinder configuration settings that are security-related or impact the security of QuickFinder.
Table 15-2 QuickFinder Security Configuration Settings
| Configuration Setting | Possible Value | Default Value | Recommended Value for Best Security | 
|---|---|---|---|
| QFind.cfg > MsgDetail | “Level of detail in indexing logs:” -1 through 5 | 3 | 5 | 
| QFind.cfg > AutoTimeOut | “Maximum query duration (seconds).” Any integer. | 30 seconds | 15 | 
| QFind.cfg > CheckRights | “Authorization checking:” Off | Index | ResultItem | Off | ResultItem | 
| QFind.cfg > CheckRightsFilePath | “by Index (Only users that have read access to the following file have access to the index)” Any string value | Points to /docs/index.html | A file that is more rights-controlled | 
| QFind.cfg > CheckRightsFilter | “Unauthorized hits filtered by” Engine | Templates | Engine | Engine | 
| QFind.cfg > UserID | “Basic Authentication: User ID“ Any string value | “” | If possible, crawl public only. | 
| QFind.cfg > Password | “Basic Authentication: Password“ Any string value | “” | If possible, crawl public only. | 
| QFind.cfg > AuthFields | “Form-based Authentication” fields Any string value | “” | If possible, crawl public only. | 
| QFind.cfg > LoginURL | “Alternate Login URLs” Any string value | “” | If possible, crawl public only. | 
| QFind.cfg > HTTPHeaders | “HTTP Headers:” any string value | “” | “” | 
| QFind.cfg > IndexLocation | “Location of index files:” Any directory in the file system Any string value | <qfsearch>/Sites/<VSS name>/indexes/<index name> | Any directory that is secured. | 
| QFind.cfg > CanBeMirrored | “Index may be copied to other clustered servers:” true | false | FALSE | FALSE | 
| AdminServlet.properties > AdminServlet.RequireSSL | “Require HTTPS when administering QuickFinder Server:” true | false | TRUE | TRUE | 
| AdminServlet.properties > AdminServlet.Authenticate | “Require authorization when administering QuickFinder Server:” true | false | TRUE | TRUE | 
| AdminServlet.properties > AdminServlet.ProductUpdates.Enabled | “Check for product updates:” true | false | TRUE | FALSE | 
| AdminServlet.properties > AdminServlet.ProductUpdates.URL | Not in UI Any string value | http://search.novell.com/qfsearch/UpdateServlet | “” | 
| ???????.properties > GeneralServlet.Errors.Enabled QueryLog.Enabled ClusterServices.Log.Enabled | “Log Enabled” true | false | TRUE | TRUE | 
| ????????.properties > GeneralServlet.Errors.Destination ClusterServices.Log.Destination | “Log to:” File | Console | Both | Both | Both | 
| ???????.properties > GeneralServlet.Errors.LogFile.DeleteOnRestart ClusterServices.Log.DeleteOnRestart | “New log when services load:” true | false | TRUE | FALSE | 
| ???????.properties > GeneralServlet.Errors.LogFile.MaxSize ErrorLog.MaxSize ClusterServices.Log.MaxSize | “Maximum log size (bytes):” Any positive integer | 30000 | 30000 | 
| GeneralServlet.properties > GeneralServlet.Mail.Enabled | “Enable e-mail services:” true | false | FALSE | TRUE | 
| GeneralServlet.properties > GeneralServlet.Mail.SMTPHost | “Outgoing SMTP Host name:” Any string value | “” | The name of the local SMTP mail server. | 
| GeneralServlet.properties > GeneralServlet.Mail.SMTPPort | “Outgoing SMTP Port #:” Any positive integer | 25 | The correct port of the local SMTP server. | 
| GeneralServlet.properties > GeneralServlet.Mail.SMTPUserID | “Outgoing SMTP User ID (optional):” Any string value | “” | The UserID of the local SMTP mail server. | 
| GeneralServlet.properties > GeneralServlet.Mail.SMTPPassword | “Outgoing SMTP Password (optional):” Any string value | “” | The password of the local SMTP mail server. | 
| Cluster.properties > ClusterServices.Send.Enabled | “Will this machine send cluster data:” true | false | FALSE | FALSE | 
| Cluster.properties > ClusterServices.Receive.Enabled | “Will this machine receive cluster data:” true | false | TRUE | FALSE | 
| Cluster.properties > ClusterServices.RequireHTTPS | “Require HTTPS for all cluster communications:” true | false | FALSE | TRUE | 
| Cluster.properties > ClusterServices.Authentication.RequireAuthentication | “Require admin authorization when receiving cluster data:” true | false | TRUE | TRUE | 
| SiteList.properties > SiteList.GlobalSite | “Default location of virtual search servers:” Any string value | <QFSearch>/sites | A protected file system location. | 
| SiteList.properties > Monitor.SiteCache.DynamicUpdates | “Detect manual search server changes:” true | false | TRUE | FALSE | 
| SiteList.properties > Monitor.TemplateCache.DynamicUpdates | “Detect template changes:” true | false | TRUE | FALSE | 
| General.properties > Monitor.SiteCache.PurgeSiteSeconds | Not in UI Defaults to 20 minutes Any non-negative integer | 1200 | 60 | 
| General.properties > QueryLog.Mail.Enabled | “E-mail log reports:” true | false | FALSE | FALSE | 
| General.properties > Recipients | “...enter recipients...” | “” | “” | 
| General.properties > Site.Cluster.Send.Enabled | “Let Virtual Search Server send cluster data:” true | false | FALSE | FALSE | 
| General.properties > Site.Cluster.Send.ClusterNames | “Name of clusters to send to:” Any string value | “” | “” | 
| General.properties > Site.Cluster.Receive.Enabled | “Let Virtual Search Server receive cluster data:” true | false | FALSE | FALSE | 
| General.properties > Response.PotentialHits.Max | “Refuse queries if potential hits exceed:” Any positive integer. | 10000 | 5000 | 
| Search.properties > Print.properties > Search.Request.NumHits.Max Search.BestBet.NumHits.Max Print.Request.NumHits.Max | “Maximum number of results per page:” Any positive integer up to “Highest allowed result number:” | 200 5 200 | 100 5 25 | 
| Search.properties > Print.properties > Search.Request.LastHitNum.Max Print.Request.LastHitNum.Max | “Highest allowed result number:” Any positive integer | 1000 1000 | 200 200 | 
| Search.properties > Print.properties > Search.Templates.Directory Print.Templates.Directory Highlighter.Templates.Directory | “Templates directory:” Any string value | <qfsearch>/Templates | A rights-controlled directory. | 
| Print.properties > Print.Response.PrintSize.Warning | “Print job size warning (bytes):” Any positive integer | 102400 | 40960 | 
| Print.properties > Print.Response.PrintSize.Max | “Maximum print job size (bytes):” Any positive integer | 2097152 | 512500 | 
| Security.properties > Security.Authentication.RealmString | “Authentication realm string:” (Only used if LoginType is set to basic, 0) Any string value | “QuickFinder Server” | Best if it matches the Web server’s realm. | 
| Security.properties > Security.LoginType | Not in UI 0 - login type basic 1 - login type form | 1 | 1 | 
| Security.properties > Security.CheckRightsByDir | “Check authorization by directory:” true | false | TRUE | FALSE | 
| Security.properties > Security.AutoLogoutTime | “Auto-logout time (minutes):” Any positive integer -1 == never log out | 30 | 5 | 
| Security.properties > Security.RequireHTTPS | “Require https:” true | false | TRUE | TRUE | 
The following table lists the configuration settings for other products that impact the security of QuickFinder.
Table 15-3 Configuration Settings for Other Products
| Product Name | Configuration Setting | Default Value | Recommended Value for Best Security | 
|---|---|---|---|
| PAM | Rights to the shadow group on Linux | Not made a member of this group. | Not made a member of this group, but requires that eDirectory is installed. |