Security enhancement - lock out user after X number of attempts
Our customer has asked whether this functionality can be reincluded, as not having a limit on the number of attempts to log in to X3 is considered a security risk. Thanks, Sarah
This will be part of a future incremental enhancement of the Sage X3 basic authentication mechanism. However, we need to highlight that:
The basic authentication mechanism (user/password) should never be used in a production environment and is supplied solely for demo / dev / test purposes. This is clearly stated in the Sage X3 security guidelines available in the technical help. Customers should always use an advanced authentication service (OAuth2, SAML, LDAP...) to authenticate into X3.
Starting from Sage X3 2023 R2, there's a stall time of a few seconds introduced after each failed login attempt with basic authentication, to prevent brute-force or denial-of-service attacks.