Focal Point Banner


As of December 1, 2020, Focal Point is retired and repurposed as a reference repository. We value the wealth of knowledge that's been shared here over the years. You'll continue to have access to this treasure trove of knowledge, for search purposes only.

Join the TIBCO Community
TIBCO Community is a collaborative space for users to share knowledge and support one another in making the best use of TIBCO products and services. There are several TIBCO WebFOCUS resources in the community.

  • From the Home page, select Predict: WebFOCUS to view articles, questions, and trending articles.
  • Select Products from the top navigation bar, scroll, and then select the TIBCO WebFOCUS product page to view product overview, articles, and discussions.
  • Request access to the private WebFOCUS User Group (login required) to network with fellow members.

Former myibi community members should have received an email on 8/3/22 to activate their user accounts to join the community. Check your Spam folder for the email. Please get in touch with us at community@tibco.com for further assistance. Reference the community FAQ to learn more about the community.


Focal Point    Focal Point Forums  Hop To Forum Categories  WebFOCUS/FOCUS Forum on Focal Point     [CLOSED] WebFocus User Security: How do you prevent Brute force of passwords?

Read-Only Read-Only Topic
Go
Search
Notify
Tools
[CLOSED] WebFocus User Security: How do you prevent Brute force of passwords?
 Login/Join
 
Gold member
posted
Hi,

I currently have Webfocus 7.6.4 (Client and Server) running, through Tomcat / IIS. Recently we had some reports of users getting access to other user's accounts by guess their passwords.

Is there a way to automatically disable the account after a number of bad logins?

This message has been edited. Last edited by: Kerry,
 
Posts: 68 | Registered: March 15, 2006Report This Post
<JG>
posted
First of all install Resource Governor.

Then from the statistics find the IP address of those people who are hacking.

Identify the offender based on the IP address and sack them and preferably prosecute to set an example.

Or turn on full logging in IIS to get the details

Failing that the only real option you have is a script IIS side (I assume you are using IWA or similar) that will manage it.

Remember if it’s IIS that’s doing the authentication then you have not even got to WebFOCUS for it to do anything.
 
Report This Post
Gold member
posted Hide Post
Thank JG.

Right now, we are using the WebFocus MR authentication. Unfortunately we do not have the Resource governor.

However, we are looking into the IIS side and seeing if we can turn on full logging.
 
Posts: 68 | Registered: March 15, 2006Report This Post
Master
posted Hide Post
BenC,

Also Contact your local branch and see if you can get any suggestions from them. I am always willing to help my clients with issues like this. There are several ways to accomplish this, and any way you choose you want to be sure it will fit into the new WebFOCUS 8 Security model.




Scott

 
Posts: 865 | Registered: May 24, 2004Report This Post
  Powered by Social Strata  

Read-Only Read-Only Topic

Focal Point    Focal Point Forums  Hop To Forum Categories  WebFOCUS/FOCUS Forum on Focal Point     [CLOSED] WebFocus User Security: How do you prevent Brute force of passwords?

Copyright © 1996-2020 Information Builders