Update the Configuration File

After you have installed the website, activated the license and established a database, the next step is to update the configuration file on the web server.

From Start, search for “SEP2021 Admin” and open the admin utility. Then click Update SEP Configuration File.

1 - On the Connection Tab:

  • Connection Info - Enter the required details for the database that the application will connect to. If you used the admin utility to create the database, the connection info will appear in the fields automatically.

Note: If you are configuring SEP for use with an Oracle database, you must specify a valid service name. Entering an SID may result in slow performance.

Select Encrypt Connection String if you want to hide the connection string information within the web configuration file.

Select Encrypt Impersonation Identity if you want to hide the credentials within the web configuration file.

2 - On the Settings Tab:

  • Request timeout sets how long IIS waits for a request to the application to finish processing. Typically, this will not need to be changed for an SEP implementation.
  • Content-Security-Policy Header determines which types of dynamic resources are allowed to load on the site. This policy is required to detect and prevent cross-site scripting (XSS) and other code-injection attacks. Typically, it will not need to be changed; however, if you decide to modify this policy, you must include the following directives to ensure that the site functions properly:
    • ‘unsafe-inline’
    • ‘unsafe-eval’
    • img-src 'self' data:
  • If a Secure Socket Layer (SSL) certificate has been implemented for SEP, select Yes for HTTP Cookies Require SSL if you also want the browser cookies to require SSL (an additional level of security).
  • For a SQL Server implementation,
    1. Select Encrypt communication to encrypt the connection between the application and the database.
    2. Select Trust server certificate if the server has a self-signed certificate.

Note: To encrypt the connection for an Oracle implementation, set the encryption type to either “requested” or “required” for the Oracle database. To learn more, consult the Oracle documentation (e.g., https://docs.oracle.com/cd/B19306_01/network.102/b14268/asoconfg.htm#i1007808).