Xerox SmartSend Support & Software Installation Guide
Site Security Policies
9-5
Site Security Policies
SMARTSend has site security policies that govern secure connection usage, scan time security, PaperWare
form security, and workflow access. Each of these policies and their respective interactions will be described
in detail in the following sections.
form security, and workflow access. Each of these policies and their respective interactions will be described
in detail in the following sections.
General Site Security
Click the Review Security Settings link on the Administration Home Page to access the General Site
Security policy. It is under the Security heading on the General Settings page.
Security policy. It is under the Security heading on the General Settings page.
The General Site Security Policy controls whether or not secure connections will be used when entering
passwords from the SMARTsend web application. There are two SMARTsend options for General Site
Security Policy:
passwords from the SMARTsend web application. There are two SMARTsend options for General Site
Security Policy:
Enter passwords using a secure connection
Enter passwords over a non-secure connection
The default and recommended setting is Enter passwords using a secure connection.
Enter Passwords Using a Secure Connection
The secure password entry policy requires installation of a Secure Server Certificate on the SMARTsend
computer. This is the recommended configuration. If a certificate is not available, you must install one on
the SMARTsend computer when this option is selected. For instructions on how to obtain and install an SSL
certificate for the SMARTsend computer, see Obtain and Install a Security Certificate on page 2-16.
computer. This is the recommended configuration. If a certificate is not available, you must install one on
the SMARTsend computer when this option is selected. For instructions on how to obtain and install an SSL
certificate for the SMARTsend computer, see Obtain and Install a Security Certificate on page 2-16.
This setting ensures privacy by using HTTPS to transfer data from any application pages that prompt for
user passwords.
user passwords.
Enter Passwords Over a Non-secure Connection
This policy is not recommended because passwords will be transmitted in clear text over your network. This
leaves passwords vulnerable to a network sniffer. A server certificate is not required with this configuration.
leaves passwords vulnerable to a network sniffer. A server certificate is not required with this configuration.