Server Tab:

Some of the information in this tab is for display purposes only. These items were defined during the installation of Joomla! and are not editable through this tab.

Warning: To edit these settings it is necessary to directly edit the configuration.php file. Only do this if absolutely necessary and there is a clear understanding of the risks involved. Visit the Joomla! Forums for guidance.

Absolute Path: This is the path to the root directory of the Joomla! installation, (referred to as joomla_root/) in the web servers file system. The information used by Joomla! to orientate it to the surrounding system. It will be necessary to edit this setting when, for example, changing server hosts, or when uploading a site from a local web server to an online web server.

Live Site: This is the absolute URL (web address) for this installation of Joomla!. It may be necessary to edit this setting when, for example, changing server hosts, or when uploading a site from a local web server to an online web server.

Secret Word: This is a unique alpha-numeric code for every Joomla! installation. It is created when Joomla! is first installed. It is used for security functions. See below...

Warning: If it was necessary to create the configuration.php file from the configuration.php-dist file included with every installation of Joomla! then it is recommended to edit the default Secret Word to something else to make the installation more secure. Find the entry mosConfig_secret and edit accordingly.

GZIP Page Compression: Selecting the Yes radio button will allow the web server to send compressed data, if supported by the server, to the client web browser. This could significantly decrease the time taken for the site to load in a visitors web browser and therefore increase the usability of the web site. Select No to disable this feature.

Site Session Lifetime: Enter the maximum number of seconds that Registered Users are allowed to be logged in to the Front-end of the web site, without activity, before automatic logout occurs. After automatic logout, the Registered User is required to login again using the correct Username and password to access any of the non-public Content Items or functions.

Admin Session Lifetime: Enter the maximum number of seconds that administrators are allowed to be logged in to the Back-end of the web site, without activity, before automatic logout occurs. After automatic logout, the administrator is required to login again using the correct Username and password to access any of the Back-end functions.

NOTE: Also note that editing a Content Item for example, without any Save/Apply activity is not deemed as being active as Joomla! does not recognise typing in an editor as being activity. The result of this may well be that the administrator will have been automatically logged out 'behind the scenes', when they then click the Save or Apply icons any material not saved within the Session Lifetime will be lost.

  Warning: Do not have the Admin Session Lifetime setting set too high as this could potentially be a security risk on a live system.

Remember Expired Admin page: If an administrator logs back in within ten minutes after the automatic logout they will be returned to the page they were viewing prior to the automatic logout. If this was an editable page they will return to the Manager of that page and the Item will appear Checked Out. Any Content that had not been saved will have been lost. Clicking on the Item name will re-open the page and allow them to continue.

Session Authentication Method: Control how Session Authentication is handled within Joomla!. Select one of three options the first of which is the default level:

• Level 3 Security - Highest and default.
• Level 2 Security - Allow for proxy IP's.
• Level 1 Security - Backward Compatibility.

Level 3 Security creates a session_id based on the mosConfig_secret reference + a Random Number + the Users Full IP address + the User Agent reference.

Level 2 Security creates a session_id based on the mosConfig_secret reference + a Random Number + the Users Subnet IP address + the User Agent reference. This was developed to assist web sites whose Users may primarily connect via AOL or are behind a Proxy bank. This is a less secure option than Level 3.

Level 1 Security creates a session_id based only on a Random Number + the Users Full IP address. This is an old and outdated way of doing things. This is the least secure method and should not really be considered.

In the above descriptions the following describes the individual element:

• User Agent information is based on the browser and system that a User is connecting to the web site with. It might look like this:

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0

• mosConfig_secret is a random alpha-numeric code generated when a Joomla! web site is first installed. This is a fairly unique identifier of each Joomla! web site. See Security Word above.

Error Reporting: This option sets the level of PHP error reporting that is produced when the Debug Site option is set to Yes in the Site Tab of the Global Configuration screen.

For full details of PHP Error Reporting visit http://www.php.net/error-reporting.

Options are:

• System Default - This allows the level of error reporting to be determined by the php.ini file on the web server.
• None - This turns error reporting off.
• Simple - This turns error reporting to E_ERROR | E_WARNING | E_PARSE (see http://www.php.net/error-reporting).
• Maximum - This turns error reporting to the maximum level (E_ALL) .

 NOTE: The output from the Error Reports is generated at the foot of every page of the web site that is opened, and is viewable by all Users.

Help Server: Enter the full URL of the server with the Help content upon it. By default this is set to http://help.joomla.org. This can be set to a local address if site specific Help files have been created.

File Creation: Files created during the installation of new Components, Modules, and Mambots will automatically inherit the web server default file permissions. Selecting the option CHMOD new files allows the settings to be made manually for all files.

Warning: Do not make changes to this setting unless sufficiently experienced in file permission management as the results may be unexpected and insecure.

Directory Creation: Directories created during the installation of new Components, Modules, and Mambots will automatically inherit the web server default directory permissions. Selecting the option CHMOD new directories allows the settings to be made manually for all directories.

Warning: Do not make changes to this setting unless sufficiently experienced in directory permission management as the results may be unexpected and insecure.