Administrator Guide

Security Settings

Administrators can limit some actions that particular types of users are allowed to perform. Specifically, the following actions can be limited for registered users, invited users, and guest users:

• Uploading files: Administrators can limit the types of files that can be uploaded by Expo LX users. This should be done to prevent users from uploading files that could potentially contain malicious scripts.
• Embedding rich media: Administrators can limit the URLs to which users can link to embed flash and other video files or images in blogs and wikis. This should be done to prevent users from embedding images and videos that contain query strings that might execute a malicious web application.

Restricting File Types

1. Navigate to the System Admin tab.
2. Select the Manage Expo LX link.
3. Select the Security Settings link.
4. Restrict file types that can be uploaded by Expo users.

 

For each type of user, either prohibit users from uploading certain types of files or allow users to upload only certain types of files. To restrict the types of files that can be uploaded, do the following:

1. Select to either prohibit or enable file types.
   
2. If you are enabling a lot of file types, select the "Prohibit these filetypes" option.
3. If you are disabling a lot of file types, select the "Allow these filetypes" option.
4. In the subsequent field, specify the file extensions for the types of files that should either be allowed or prohibited (depending on which option you selected in the previous form field). All file extensions should be listed in a comma-separated list.

For example, most administrators will want to prohibit executable files. To do so, select "Prohibit these filetypes' and type "exe" in the subsequent form field. If you wanted to prohibit other types of files, you would add them after the "exe" with a comma in between each file extension.

Restricting URLs for Embedding Rich Media

 

Restrict the URL domains in which query strings are allowed.

 

For each type of user, specify any URL domains in which query strings are allowed when Expo LX users are embedding images or video. By default, users will not be allowed to embed any media files that have query strings in their URL.

 

When adding an allowed domain, do not include the http or www (e.g., "learningobjects.com" is a valid entry for these fields). If you want to allow more than two domains, select the More... button to add more form fields to the page.