Global security settings - Infor Ming.le

In the Global security settings dashboard, you can create and maintain a list of secure sites in which Dashboards can be embedded. The purpose of this is to protect against UI redress attacks (Clickjacking).

In a clickjacking attack, links that enable information to be sent to an attacker's server are disguised as valid links. A user may thus unwittingly submit sensitive information to an attacker.

To protect against clickjacking, headers that are sent in response to HTTP requests are configured with the URLs of the specified secure sites. Response headers are automatically configured with the sites that you list.

The Infor Ming.le and Homepages URLs are preconfigured as secure sites.

Permission to maintain the list can be restricted to system tenants. In that case, the options to maintain the list are read-only for standard tenants.

Optionally, you can specify that users can open Dashboards only from a secure site.