
Does the default Form Security Filter lock or block the transaction after a number of unsuccessful attempts? Is there any documentation which describes how it functions out of the box?

Would it be conceivably possible for a custom Form Security Filter to include similar functionality?

  1. Sacha Trube

    This question should read:

    "How does the Form Submission Access Controller prevent brute force attacks on default resume form challenge response patterns?"

    ... and "Can a Form Security Filter implementation add additional functionality to disable a transaction if too many attempts have been made on the challenge?"



1 answer

  1.  

    Hi Sacha,

    There isn't a 'default' Form Security Filter.  If you create one, it will run before the regular TM access checks, so it's an extra level of security.

    So, it would be conceivably possible to check for brute force attacks, but I would think that is better dealt with via wider system configuration rather than code.

    1. Sacha Trube

      What process runs when you don't create a security filter? Some default server side process checks that the challenge response matches the designated form data before serving up PII.

    2. Bill Frost

      It's the Form Submission Access Controller service.

    3. Sacha Trube

      Comment on question to update specificity.
