Plugin
[Plugin]
:AccessEnumProperty=
:AccessFailMode=1
:AccessGetProperty=
:AccessInvoke=
:AccessSetProperty=
:AutoDecodeBase64=1
:BlockInvokeThread=0
:CompabilityVersion=0700
:Description=
:HostInformationSignature=0
:InvokeThreadDelay=10
:LogFile=
:MimeType=
:Name=
SiteAccessUnknown=as-parent-app
SiteAccessUntrusted=low
:UseInternalEncrypt=2
:UseInternalVerify=1
:Version=
:VersionAPI=
AccessGetProperty, AccessSetProperty, AccessEnumProperty, AccessInvoke
The default access restrictions for accessing the plugin should probably be acceptable. But there are situations when the default values must be changed.
[Plugin]
AccessGetProperty=<name>,<access-level>;<name>,<access-level>
AccessSetProperty=<name>,<access-level>,<type>,<min-size-byte>,<max-size-byte>
AccessEnumProperty=<name>,<access-level>
AccessInvoke=<name>,<access-level>
Values
<name>
- <name> AccessGetProperty
-
See list Default access GetProperty
- <name> AccessSetProperty
-
See list Default access SetProperty
- <name> AccessEnumProperty
-
See list Default access EnumProperty
- <name> AccessInvoke
-
See list Default access Invoke
<access-level>
- always
-
This parameter or action is always accessible, even when Plugin is blocked. The parameter should not be sensitive at all.
- full
-
The parameter or action is accessible when the configuration says you have full access.
- use
-
The parameter or action is accessible when the configuration says you have use access
- low
-
The parameter or action is accessible at the lowest possible access. Usually, the parameter is not sensitive at all.
- block
-
The parameter or action is blocked and is therefore ignored.
<type>
- 0
-
PARAM_TYPE_IGNORE
- 1
-
PARAM_TYPE_BOOL
- 2
-
PARAM_TYPE_NUMBER
- 3
-
PARAM_TYPE_HEXADECIMAL
- 4
-
PARAM_TYPE_BASE64
- 5
-
PARAM_TYPE_OID
- 6
-
PARAM_TYPE_STRING
- 7
-
PARAM_TYPE_URL
<min-size-byte>, <max-size-byte>
Sizes are in bytes. Default sizes for the SetProperty parameter are given in this list. And the different pre-defined sizes are given in this list.
[Plugin]
AccessGetProperty=Version,low;MachineInfo,full
AccessSetProperty=Data,use,4,0,10000
AccessEnumProperty=Token,full
AccessInvoke=Refresh,full
BlockInvokeThread
When investigating failure it can be necessary to block the execution in separate threads. The BlockInvokeThread parameter stops the execution of the invoke command in a separate thread.
[Plugin]
BlockInvokeThread=0
CompabilityVersion
Plugin loaded with old ActiveX classID can have a different version number for better compability with existing web applications.
Description
This parameter is used to control the information returned by the NPAPI interface. It is only used for debugging. Do not change this value.
HostInformationSignature
The HostInformationSignature parameter adds host information to a plugin signature.
InvokeThreadDelay
The InvokeThreadDelay parameter tells the number of milliseconds for GetProperty("InvokeThread") to wait if there is no response.
LogFile
The LogFile parameter allows for recording of all plugin calls to the specified file. This file is useful for the investigation of failures. It is also a bit sensitive since it can contain passwords and other sensitive information. Thus, this parameter is ignored unless running on a development license.
[Plugin]
LogFile=C:\Temp\plugin.txt
MimeType
This parameter is used to control the information returned by the NPAPI interface. It is only used for debugging. Do not change this value.
Name
This parameter is used to control the information returned by the NPAPI interface. It is only used for debugging. Do not change this value.
SiteAccessUnknown
The introduction of I/O access towards the plugin has opened a possible man-in-middle attack. Thus, we have added a parameter that tells the access level for unknown access.
[Plugin]
SiteAccessUnknown=as-parent-app
Values
The access value sets the access level described in section Access level.
- full
-
All functionality is enabled. Sets access level to full.
- use
-
Most functionality is enabled. Sets access level to use.
- ask-multi
-
Asks the user to allow access each time.
-
Answer
yes
, (click YES), sets access level to use. -
Answer
no
, (click NO), sets access level to block.
-
- ask-once
-
Asks the user to allow access and remember the answer.
-
Answer
yes
, (click YES), sets access level to use. -
Answer
no
, (click NO), sets access level to block.
-
- as-parent-app
-
Makes a check of the unknown caller by getting the parent process ID and make sure that the process is allowed. This is done by validating the parent process' application path. The process or parent process must be defined in Plugin AllowApp or located in a system-specific safe location.
If this check fails, the access level is set to block. Otherwise, it is set to the access value, resulting in an access level, set for the process in Plugin AllowApp.
- low
-
Only basic functionality is enabled. Sets access level to low.
- block
-
No functionality is enabled. Sets access level to block.
Parameters and actions with access level always are always accessible no matter the set access value. |
SiteAccessUntrusted
The web browser Internet Explorer will by default use a sandbox for sites that are not marked as "trusted". Those sites are apparently not fully trusted and should probably not be used to administrate Net iD Client. Net iD Client handles the administration of "sandboxed" data, such as soft tokens, but you may want to limit the access.
[Plugin]
SiteAccessUntrusted=low
Values
The access value sets the access level described in section Access level.
- full
-
All functionality is enabled. Sets access level to full.
- use
-
Most functionality is enabled. Sets access level to use.
- ask-multi
-
Asks the user to allow access each time.
-
Answer
yes
, (click YES), sets access level to use. -
Answer
no
, (click NO), sets access level to block.
-
- ask-once
-
Asks the user to allow access and remember the answer.
-
Answer
yes
, (click YES), sets access level to use. -
Answer
no
, (click NO), sets access level to block.
-
- low
-
Only basic functionality is enabled. Sets access level to low.
- block
-
No functionality is enabled. Sets access level to block.
Parameters and actions with access level always are always accessible no matter what access value is given. |
UseInternalEncrypt, UseInternalVerify
The plugin can for encryption or verify use both external or internal library. This parameter tells what to use.
#define USE_INTERNAL_NEVER 0
#define USE_INTERNAL_MAY 1
#define USE_INTERNAL_ALWAYS 2
[Plugin]
UseInternalEncrypt=2
UseInternalVerify=1