How to configure HTML5 Web Portal lockout feature

Bsoft-App Remote Access prevents brute-force attacks by locking accounts after repeated failed attempts to log in through the Portal.
By default, the lockout feature uses the following parameters:

| Parameter | Description | Default value |
|---|---|---|
| LockoutActivated | Defines if the Lockout feature is activated. The Lockout feature can be disabled by setting this parameter to false. Possible values are: true, false. | true |
| LockoutInterval | Specifies the allowable interval of time between failed login attempts. In seconds. | 600 |
| LockoutLimit | Defines the number of allowed failed attempts before the account is locked out. | 10 |
| LockoutPeriod | Specifies the amount of time an account is locked out and unable to login. In seconds. | 1800 |

These settings are available in the admin tool / expert mode / advanced / lockout.

For larger deployments that use scripted management tools, these parameters can be overridden by editing the configuration file hb.exe.config, located in the <Bsoft-App setup directory>\Clients\www\cgi-bin directory. In the appSettings node of the document, each parameter key may be set to a different value. The changes take effect once the hb.exe.config file is saved.

For example, see the following configuration for disabling the lockout feature:

<appSettings>
  <add key="LockoutActivated" value="false" />
  <add key="LockoutInterval" value="600" />
  <add key="LockoutLimit" value="10" />
  <add key="LockoutPeriod" value="1800" />
</appSettings>

Note: The period of time a user is locked out is the greater of the LockoutPeriod and LockoutInterval settings. Therefore, when changing the LockoutPeriod value, also set LockoutInterval to a smaller value so that the configured LockoutPeriod is the one that applies.
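For scripted deployments, the settings can be audited before a changed hb.exe.config is rolled out. The following PowerShell is an added example, not Bsoft-App's own tooling: it reads the appSettings keys, reports when lockout is disabled, and computes the effective lock time from the rule in the note above. The function name Get-LockoutAudit, the constructed sample XML with its <configuration> root, and the fallback to the documented defaults for missing keys are assumptions.

```powershell
# Added example: audit Web Portal lockout settings taken from hb.exe.config content.
# Defaults are the values documented in the parameter table.
$Defaults = [ordered]@{
    LockoutActivated = 'true'
    LockoutInterval  = '600'
    LockoutLimit     = '10'
    LockoutPeriod    = '1800'
}

function Get-LockoutAudit {
    param([Parameter(Mandatory)][string]$ConfigXml)

    $doc = [xml]$ConfigXml
    # Start from the documented defaults, then apply overrides from appSettings.
    # Assumption: a key that is absent from the file keeps its default value.
    $s = [ordered]@{}
    foreach ($k in $Defaults.Keys) { $s[$k] = $Defaults[$k] }
    foreach ($node in $doc.SelectNodes('//appSettings/add')) {
        $key = $node.GetAttribute('key')
        if ($s.Contains($key)) { $s[$key] = $node.GetAttribute('value') }
    }

    $activated = [bool]::Parse($s.LockoutActivated)
    $interval  = [int]$s.LockoutInterval
    $period    = [int]$s.LockoutPeriod

    $findings = @()
    if (-not $activated) {
        $findings += 'LockoutActivated is false: accounts are not locked after failed logins.'
    }
    if ($interval -ge $period) {
        $findings += "LockoutInterval ($interval s) is not smaller than LockoutPeriod ($period s)."
    }

    [pscustomobject]@{
        Activated            = $activated
        Limit                = [int]$s.LockoutLimit
        IntervalSeconds      = $interval
        PeriodSeconds        = $period
        # Per the note: the lock lasts for the greater of the two values.
        EffectiveLockSeconds = [Math]::Max($period, $interval)
        Findings             = $findings
    }
}

# Constructed sample: LockoutPeriod lowered to 300 while LockoutInterval stays at its default.
$sample = '<configuration><appSettings><add key="LockoutLimit" value="5" />' +
          '<add key="LockoutPeriod" value="300" /></appSettings></configuration>'
Get-LockoutAudit -ConfigXml $sample | Format-List
```

To check a deployed server, pass the file content instead of the sample, for example with Get-Content -Raw on hb.exe.config in the cgi-bin directory named above.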
