System Blocking

Aurea CRM provides a variety of blocking mechanism to protect the system against unauthorized access.

If one of the blocking mechanisms is enabled, a neutral message is displayed informing the user that a login error has occurred (instead of a specific error message).

The following options are available for each station on the Blocking tab in the Station Configuration info area:

  • Max. no of failed login attempts: Number of failed login attempts before the user can no longer log in.
    Note: The maximum number of login attempts can be defined for both stations and users (in the Configuration module or in the Configure Login window). User-specific settings take precedence over station-specific settings. The maximum number of failed login attempts also applies to the SU.
  • Track Login Attempts: Failed login attempts are logged in the Process Tracking info area (Process: "(8000) Login", Text: "<Computer name>: Incorrect password").
  • Max. Blocking: Enables the blocking mechanism for the maximum number of failed login attempts on this station.

    If a user enters an incorrect password, the value in the No. of failed login attempts (in the Configuration module or the Configure Login window) is increased by 1. Once the number of attempts reaches the value in the Max. No. of failed login attempts field (in the Configuration module or the Configure Login window), the user is no longer allows to log in.

    Reset the value in the No. of failed login attempts to 0 (zero) in the Configuration module or Configure Login window to allow the user to log in again.

    If the Ignore max. no of failed login attempts option is enabled for a user, the user is exempted from this blocking mechanism.

  • Exponential Blocking: Enables exponential blocking for the station.

    If a user enters an incorrect password, the value in the No. of failed login attempts (in the Configuration module or the Configure Login window) is increased by 1. The system is locked for 2n seconds (where "n" is the number of failed login attempts).

    Once the correct password has been entered, the value in the No. of failed login attempts is reset to 0 (zero).

    Note: The maximum time that the SU is blocked is limited to approximately 17 minutes (210 seconds).