Password explosion-proof cracking setting

The SuperMap GIS server supports setting the number of consecutive password errors allowed in a period to prevent brute force. If the administrator has enabled the password explosion-proof cracking setting, for example, in the default configuration, if the password entered fails five times in a row within 10 minutes, the account will be automatically locked.

The administrator can set the whether to enable password explosion-proof cracking settings on the Security Config page (not enabled by default), and can customize and modify parameters such as the locking period and the number of failures allowed, including:

  • Locking period (minutes): The time period for detecting the number of consecutive failures. The default is 10 minutes.
  • Allowed consecutive times of failure: the maximum number of consecutive times of failure. The account will be locked immediately if the maximum number is exceeded. The default is 5 times.
  • Automatic unlocking time (minutes): The time required for automatic unlocking after the account is locked. The default is 20 minutes. If the security level is required to be higher, the administrator can set the number to be higher.

After the user is locked, you need to contact the administrator to unlock it .

historical password reservation

When you change password, the GIS server supports setting that the new password cannot be a duplicate of any of the previous passwords. It also supports the administrator to customize the number of non-repeatable times (default is 5, including the password currently used). After entering the value, click the modify button to take effect.

Force change password settings

SuperMap GIS server supports the detection of the password entered by the user when logging in, and requires the user to reset the password under certain conditions to improve the system security.

The administrator can set the password to be reset on the Security Config page (not enabled by default), and customize the password validity period and other parameters, including:

  • Password reset is required for the first login: the user needs to reset the password when logging in the account assigned by the administrator for the first time
  • Password needs to be reset after the password is reset by the administrator: After the password is reset by the administrator, the user needs to reset the password when logging in
  • Password needs to be reset after the expiration of the password: if the password has expired during login, the user needs to reset the password when logging in
  • Password validity period (days): the number of days the password is valid, which should be set as a positive integer

After the setting is completed, click the Save button to take effect. The user will jump to the change password page when logging in when the password needs to be reset, and will jump back to the login page to log in after the modification is completed and saved.

Verification code login settings

SuperMap GIS server supports verification code check when users log in to improve system security. Login is allowed only when the user enters the correct user name, password and verification code shown in the picture at the same time. See: Verification Code Login Settings for details of the way to open the verification code login settings