Smallsite Design

Online management help

10. Settings

Settings allows specifying the operational values for a site.

Access

This section contains flags for enabling extra access or other functionality.

The fields are:
# | Name | Description
1 | Accessibility | If turned on, the public site will change pages to include several accessibility enhancements for those with visual or neurological sensitivities to some typographical settings that most people prefer. A logged-in user can set their own accessibility preference on the Users page
2 | 2-factor login | If turned on, after a password is submitted, an email is sent to the user's email address with a link that, when clicked, allows entry to the management pages. The resulting Close me browser page can then be closed if it did not close immediately. This ensures that someone logging in is likely to be the legitimate user. However, this process relies upon the user having the only access to their emails
3 | Guest mode | If turned on, Guest users can be created to allow view-only access to almost all management pages for training or learning. Never turn on for a production site. If turned off, all current Guest users will be deleted
4 | Strict Done | If turned on, hides the All done button in the Phase selection section of the History page to guard against releasing straight after some edits without thinking about what other edits for other locales might also be needed. Irrelevant if only one locale

These are all turned off by default. Only turn on Accessibility if the majority of expected site visitors have the sensitivities that the changes cater for, otherwise those without them may find the changes downgrade their experience. The preferences for neurodiverse groups are often mutually exclusive.

Values

This section covers site-wide values used by Smallsite Design.

The fields are:
# | Name | Description
1 | Site ID | Short identifier used as the prefix for archive file names. This uses basic ASCII alphabetic characters so that it should display properly in all operating systems. When a site is created, this is set to sd for Smallsite Design
2 | Site name | Formal name for the site
3 | Copyright owner | Name of the copyright holder for the site. It should be the legally registered name for a business, or an individual's full name. It appears in page footers
4 | Registration name | Name of the type of registration for the next field. It is provided to show information like business registration numbers that may be legally required to be displayed. If this field is blank, no registration details will appear in page footers
5 | Registration ID | Identifier or number for the type of registration in the previous field. If this field is blank, no registration details will appear in page footers
6 | Guest password | If a Guest user with ID of gu is created, the password automatically generated will be shown here. Only shown in Guest mode

Any of these values can be shown on a page by selecting the corresponding option for the Value attribute of a value element.

Examples for these fields are:
# | Name | Example
1 | Site ID | sd as an identifier for Smallsite Design. Default for a new site, but needs changing as part of step 3 of Set up Smallsite Design
2 | Site name | Smallsite Design
3 | Copyright owner | Patanjali Sokaris or Company Pty Ltd
4 | Registration name | ABN for Australian Business Number
5 | Registration ID | 14 326 274 274

These settings are to specify an external search provider rather than using the internal facility.

Warning

Only change these if you really know what you are doing.
Incorrect settings may hobble the search facility altogether.

The fields are:
# | Name | Description
1 | Status | Whether the specified external search provider is used
2 | URL | Provider's URL address
3 | Query attribute | Name of the attribute to hold the typed-in query to send to the provider
4 | Site attribute | Name of the attribute to hold the site's domain name to send to the provider

The currently recommended values for using DuckDuckGo to search the site, which you can cut-and-paste from here to your site, are:

# | Name | Current recommendation
1 | Status | Enabled
2 | URL | https://duckduckgo.com/
3 | Query attribute | q
4 | Site attribute | sites

The values are initially blank and the facility is disabled. If disabled, or any of the values are removed, use of an external provider is disabled and the internal search facility is used.

Do not use Google because, unless a site is very popular, they will ignore 95% of the pages. Bing will list 100% of a site's pages, but it does not have a Site attribute to restrict the search to the site. DuckDuckGo does, and it uses Bing results, so coverage matches Bing's, though new pages may take several extra days to appear. DuckDuckGo's advantage is that it does not leak site visitors' details to Bing.

Not all search providers have all the attributes suitable for this facility. Also, the attributes must be submittable within the form rather than as part of the URL, where the queries used may be leaked in browser histories.

MIME types

MIME types define how the web server processes files so that they display properly in a browser page.

Warning

Only change these if you really know what you are doing.
Incorrect settings may affect how some files are displayed and processed.

Working values have already been supplied. These settings have only been provided to cater for future changes that may be required, such as for new multimedia file formats. No entries are required for file types that will only be downloaded and not viewed in a browser or played.

The currently recommended extension=MIME type combinations that you can cut-and-paste from here are:

csv=text/csv
epub=application/epub+zip
flac=audio/flac
gif=image/gif
ico=image/x-icon
jpg=image/jpeg
m4a=audio/mp4
mp3=audio/mpeg
mp4=video/mp4
oga=audio/ogg; codecs="vorbis"
ogv=video/ogg; codecs="theora, vorbis"
pdf=application/pdf
png=image/png
txt=text/plain
webm=video/webm; codecs="vp8.0, vorbis"
webp=image/webp

While technically a file with a specific extension can have multiple MIME types associated with it and vice-versa, Smallsite Design is keeping it simple by allowing only one MIME type to map to one extension. In those rare cases where the extension for a MIME type is already used, an alternate extension will need to be specified here for the new MIME type, and any files expected to use it need to be renamed to use the new extension before uploading them.

However, adding a MIME type here only allows it to be played on a page if a suitable handler for the file, like a codec for a media file, is already installed on the device or in the browser.

Settings

These settings facilitate linking to other sites or web services.

Warning

Only change these if you really know what you are doing.
Incorrect settings may inadvertently expose confidential information, or prevent search engines listing site content.

Working values have already been supplied. These settings have only been provided to cater for future changes that may be required.

The fields are:
# | Name | Description
1 | Disallowed agents | Names of web-crawling robots (bots), separated by "|", that are to ignore the site. Each will have an entry in the site's robots.txt file
2 | Additional schemes | Names of communication protocols, other than https, and separated by "|", that external sites might need at the front of their URLs for some of the services they offer. Cannot add the insecure http scheme

The currently recommended values that you can cut-and-paste from here to your site are:

# | Name | Current recommendation
1 | Disallowed agents | GPTBot
2 | Additional schemes | (blank)

Disallowed agents lists those bots being requested to ignore the site. As it is only a request, the bots may ignore it. Many search engines' bots and all malicious bots will ignore it. However, some bots for AI sites, like GPTBot, currently do respect the request, so that site content can be prevented from being plagiarised by the AI for use in response to their users' queries. However, if you have a substantial body of work and the AI does not rip off substantial content and lists references, like Copilot does, then having occasional snippets of referenced content may widen your audience.

The insecure http scheme cannot be added to Additional schemes. For almost all likely external sites to be linked to, no schemes have to be added here as https is the fairly universal standard for websites. However, some sites' content may only be available using special protocols, so they would have to be added here to allow them to be used in links to such sites because URLs are validated against these schemes. Do not include the :// usually used after the protocol name in this list, but it must be included in full URLs.
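The rules described above for the two link settings, as an added Python example that is not Smallsite Design's own code: it splits the |-separated values, refuses http or anything containing ://, validates full URLs against the resulting scheme list, and builds robots.txt entries. The function names, the gemini scheme and the exact robots.txt layout are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

SCHEME_NAME = re.compile(r"[a-z][a-z0-9+.-]*")   # scheme syntax from RFC 3986

def parse_list(value):
    """Split a '|'-separated setting value, dropping blanks."""
    return [item.strip() for item in value.split("|") if item.strip()]

def allowed_schemes(additional):
    """https is always allowed; http and malformed names are refused."""
    schemes = {"https"}
    for name in parse_list(additional):
        name = name.lower()
        if name == "http":
            raise ValueError("the insecure http scheme cannot be added")
        if not SCHEME_NAME.fullmatch(name):       # rejects 'gemini://' etc.
            raise ValueError(f"not a bare scheme name: {name!r}")
        schemes.add(name)
    return schemes

def url_is_allowed(url, schemes):
    """A full URL needs an allowed scheme followed by :// and a host."""
    parts = urlsplit(url)
    return parts.scheme.lower() in schemes and bool(parts.netloc)

def robots_txt(disallowed_agents):
    """One entry per bot asking it to ignore the whole site (assumed layout)."""
    return "".join(f"User-agent: {bot}\nDisallow: /\n\n"
                   for bot in parse_list(disallowed_agents))

if __name__ == "__main__":
    schemes = allowed_schemes("gemini")           # constructed extra scheme
    for url in ("https://example.org/a", "http://example.org/a",
                "gemini://example.org/", "https:example.org"):
        print(url, url_is_allowed(url, schemes))
    print(robots_txt("GPTBot"))
```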

Password checking

These settings configure how user passwords are checked against those that have been leaked.

Warning

Only change these if you really know what you are doing.
Incorrect settings may affect whether passwords are checked properly or at all.

Working values have already been supplied. These settings have only been provided to cater for future changes that may be required.

The fields are:
# | Name | Description
1 | Status | Whether checking passwords at login is enabled
2 | URL | Prefix of the URL for the checking provider's command. The hash prefix used to check a password is added to this
3 | Hash algorithm | Name of the method used to generate the hash from the password
4 | Characters | Number of the first characters of the hashed password added to the URL

The currently recommended values that you can cut-and-paste from here to your site are:

# | Name | Current recommendation
1 | Status | Enabled
2 | URL | https://api.pwnedpasswords.com/range/
3 | Hash algorithm | sha1
4 | Characters | 5

The current settings are for a service provided by Troy Hunt and his Have I Been Pwned web site, using Cloudflare to service the huge number of daily requests promptly at the edge servers of its cloud infrastructure. The database contains half a billion leaked passwords.

The process uses what is known as k-anonymity to allow secure password testing. It involves hashing the password and sending off only the first few characters of the hash. A list of several hundred remainders of hashes that match that prefix is returned. If the tail end of the hash of the actual password is on the list, the password is compromised. The hashing makes it virtually impossible to determine the password, and so little of the hash is actually transmitted that doing so is made even less feasible.

The password is checked at login if more than a day has elapsed since the previous check. If the check fails, a highlighted notice will be displayed, prompting the user to change to another password, though that does not have to be done immediately. The master manager will be notified if a login check fails. New passwords are also checked, and if rejected, another will need to be provided.

If the facility is disabled, any of the fields are blank, or the target password checking site is not available, login will proceed as if the check had passed, so that access to the site is not prevented. If any of the values are removed, the facility will be disabled.
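The k-anonymity check described above, as an added Python example that is not Smallsite Design's own code: it uses the recommended settings from the table, sends only the hash prefix, matches the tail locally, and reports "skipped" when the check cannot run so that login can proceed. The function names, the "skipped" result and the stand-in provider response are constructed for illustration.

```python
import hashlib
import urllib.request

# Recommended values from the Password checking table on this page.
SETTINGS = {"status": "Enabled", "url": "https://api.pwnedpasswords.com/range/",
            "hash_algorithm": "sha1", "characters": 5}

def split_hash(password, settings=SETTINGS):
    """Hash the password; return (prefix sent to provider, tail kept locally)."""
    digest = hashlib.new(settings["hash_algorithm"],
                         password.encode("utf-8")).hexdigest().upper()
    n = int(settings["characters"])
    return digest[:n], digest[n:]

def http_fetch(url):
    """Real network fetch; only the hash prefix appears in the URL."""
    with urllib.request.urlopen(url, timeout=5) as resp:
        return resp.read().decode("ascii")

def check_password(password, settings=SETTINGS, fetch=http_fetch):
    """Return 'leaked', 'ok', or 'skipped' (check did not run; login proceeds)."""
    if settings.get("status") != "Enabled" or not all(
            settings.get(k) for k in ("url", "hash_algorithm", "characters")):
        return "skipped"                       # disabled, or a field is blank
    prefix, tail = split_hash(password, settings)
    try:
        body = fetch(settings["url"] + prefix)
    except OSError:                            # provider not available
        return "skipped"
    for line in body.splitlines():             # each line is TAIL:COUNT
        candidate, _, _count = line.strip().partition(":")
        if candidate.upper() == tail:
            return "leaked"
    return "ok"

# Constructed stand-ins for the provider so the example runs offline.
requested = []
def fake_fetch(url):
    requested.append(url)
    _, leaked_tail = split_hash("password")
    return "\r\n".join(["0" * 35 + ":3", leaked_tail + ":12345", "F" * 35 + ":1"])

def unavailable(url):
    raise OSError("constructed outage")

if __name__ == "__main__":
    print(check_password("password", fetch=fake_fetch))
    print(check_password("k9#Vq-constructed", fetch=fake_fetch))
    print(check_password("password", fetch=unavailable))
    print(requested[0])
```

Keeping "skipped" distinct from "ok" is a choice of this example; it lets a site record how often the check silently did not run.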

Powered by: Smallsite Design © Patanjali Sokaris