Sage X3 Ideas Portal

Security enhancement - lock out user after X number of attempts

Our customer has requested can this functionality be reincluded, as not having a limit on the number of attempts to log in to X3 is considered a security risk. Thanks Sarah

  • Guest
  • Oct 27 2023
  • Future consideration
  • Attach files
  • Admin
    Stephane Azouri commented
    13 Mar 09:51am

    This will be part of a future incremental enhancement of the Sage X3 basic authentication mechanism.
    However, we need to highlight that:

    • The basic authentication mechanism (user/password) should never be used in a production environment and is supplied solely for demo / dev / test purposes. This is clearly stated in the Sage X3 security guidelines available in the technical help.
      Customers should always use an advanced authentication service (OAuth2, SAML, LDAP...) to authenticate into X3.

    • Starting from Sage X3 2023 R2, there's a stall time of a few seconds introduced after each failed login attempt with basic authentication, to prevent brute-force or denial-of-service attacks.

  • +3