The locked-out functionality in the SCP portal does not have the behavior typically adopted on different platforms.
The system should only block the offending IP and not block the username. Only in this way can we ensure that we block a brute-force attack without blocking the legitimate user who is accessing through an IP that has not done anything wrong.
Another issue is the blocking time. Is the user locked forever (until manually unlocked)?
The behavior of Locked Out has generated many unnecessary requests for assistance, at least with us. Can we disable it?
I think in WSP it was possible to control the number of attempts and the duration of the blocking time in the web.config.
I do not know if these definitions are still possible to apply in the SCP. I have to see if I find a backup of the WSP.
I am not a programmer, but during this year our company will try to contribute to the development of SCP.
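An added example (not part of the original post, and not SolidCP or WSP code) that replays one constructed login sequence against a lockout keyed on the username and against one keyed on the source IP, the policy asked for above. The 5-attempt threshold, the 900-second lock, and all names and addresses are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Lockout:
    """Time-limited lockout counter keyed by an arbitrary string."""
    max_attempts: int = 5      # assumed threshold
    lock_seconds: int = 900    # assumed lock duration (15 minutes)
    failures: dict = field(default_factory=dict)      # key -> consecutive failures
    locked_until: dict = field(default_factory=dict)  # key -> unlock timestamp

    def is_locked(self, key, now):
        return now < self.locked_until.get(key, 0)

    def record_failure(self, key, now):
        count = self.failures.get(key, 0) + 1
        if count >= self.max_attempts:
            # Lock expires on its own; no manual unlock is needed.
            self.locked_until[key] = now + self.lock_seconds
            count = 0
        self.failures[key] = count

    def record_success(self, key):
        self.failures.pop(key, None)

def simulate(key_of, events, **settings):
    """Replay (time, ip, user, password_ok) events; return one outcome per event."""
    guard = Lockout(**settings)
    outcomes = []
    for now, ip, user, password_ok in events:
        key = key_of(ip, user)
        if guard.is_locked(key, now):
            outcomes.append("locked")
        elif password_ok:
            guard.record_success(key)
            outcomes.append("ok")
        else:
            guard.record_failure(key, now)
            outcomes.append("fail")
    return outcomes

# Constructed events: five bad guesses from one address, then the real user
# logging in from another address, then the first address again after expiry.
EVENTS = [(t, "203.0.113.7", "alice", False) for t in range(5)]
EVENTS += [(10, "198.51.100.20", "alice", True),
           (11, "203.0.113.7", "alice", False),
           (1000, "203.0.113.7", "alice", False)]

BY_USER = simulate(lambda ip, user: user, EVENTS)  # username-keyed lockout
BY_IP = simulate(lambda ip, user: ip, EVENTS)      # IP-keyed lockout
```

Keying only on the IP leaves a single account open to guesses spread across many addresses, so a per-username throttle or alert is usually kept alongside it.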