In BioStar 2.7.11, Suprema improved features that are related to security. Improved features are following below.
- Added logic to check file extensions to limit malicious file uploads.
- Improved to select whether to allow simultaneous access using the same account.
- Limited to connect only when the IP information of the account and the IP information of the accessing PC match when logging in by adding an IP address item to the user information.
Feature 1 > Added logic to check file extensions to limit malicious file uploads
In BioStar 2, you can upload files to edit, update or modify data in the BioStar 2 server and device configuration. The table below shows which file extensions are the only types that BioStar 2 allows.
| Menu | Feature | Supported File Extension |
| User | Photo | .png |
| Device | Home Screen > Logo | .tiff, .pjp, .pjpeg, .jfif, .webp, .tif, .bmp, .png, .jpeg, .svgz, .jpg, .gif, .svg, .ico, .xbm, .dib |
| Device | Home Screen > Logo > Slide Show Enabled | .tiff, .pjp, .pjpeg, .jfif, .webp, .tif, .bmp, .png, .jpeg, .svgz, .jpg, .gif, .svg, .ico, .xbm, .dib |
| Monitoring | Graphic Map > Background | .gif, .jpg, .png, .bmp, .jpeg |
Feature 2 > Improved to select whether to allow simultaneous access using the same account
From the BioStar 2.7.11, you can active or inactive the simultaneous connection with one BioStar 2 log-in account. The default configuration is 'Active' and you can open multiple BioStar 2 sessions with one account. But if you set 'Inactive' the feature, then you cannot open multiple BioStar 2 sessions on one or multiple PC through one user account.
When you 'Inactive' the simultaneous connection feature and try to log in to the BioStar 2 with multiple sessions, the old log-in session will be expired. If you click someplace in the old login session BioStar 2, you will meet the 'Login Required' warning from the BioStar 2 and automatically logged out.
Feature 3 > Limited to connect only when the IP information of the account and the IP information of the accessing PC match when logging in by adding an IP address item to the user information
In the BioStar 2.7.11, there was an improvement of configure limitation user PC IP.
- In the User > (Selected User Page) > Information section, 'User IP' box is supported.
- Unlike Name and Period, User IP is not a mandatory field. Whether you insert the user IP or not, you can enroll a new user.
- If you registered a user PC IP, you can access the BioStar 2 through the registered IP only.
Caution
- User IP format should be 'XXX.XXX.XXX.XXX' and the number should be 0 ~ 255.
- Only one User IP can be registered for one user.
