Hi
I am brand new to Adobe CloudFusion. My supervisor has tasked me with implementing Account Lockup on our server. Can you guide me as to how to do this and if there are any scripts or coding, it would be a tremendous help.
I tried looking for materials in Google and Youtube, but there is no beginner guide to do so, to my knowledge.
Thank you in advance.
Adobe Coldfusion**
I'll assume you mean "lockdown" rather than "lockup", and that you mean "to make CF more secure" than it is by default.
Sadly, there's no beginner guide. There is an auto lockdown tool offered with CF2018 and above--and while "easy to use" I would NOT call it a beginner tool. Nearly everyone I know who's ever run it rued the day, as it made their server virtually unusable. Very secure, but pretty much unusable. That was too high a price for most to pay.
Instead, there has for years been the ColdFusion Lockdown Guide (which you may not have found readily if you googled for account lockup--which means make the account unusable). The lockdown guide was written by Pete Freitag (not of Adobe, but FOR Adobe), and it's been updated every release since CF8. You don't say what version you are on, but google: coldfusion 2016 lockdown guide, for instance, to find that version's guide.
And that 2016 guide was indeed the last one written before the new CF2018 auto lockdown tool, which the guides since then focus on using. Some regard that 2016 guide as "the guide" to use to walk through the process.
But it too is no "beginner guide", as it involves dozens of steps (with sometimes many sub-steps) and many dozens of pages.
So what to do? Hire someone to help. Seriously. Or plow through the guide. I'm not aware of any other "beginner guide".
FWIW, recent CF installers have added more choices to make CF "more secure" out of the box (if you choose those options), while CF itself is "more secure" than earlier CF versions were. That may be consolation enough for you and your supervisor. If not, then pull out the Lockdown Guide and follow along, or hire someone. I provide such help (carehart.org) as does Pete Freitag (foundeo.com). And I list at my CF411 site still more CF development companies and CF troubleshooting consulting companies who may be able to help.
Or perhaps someone else reading this will reply with a better "beginner guide" for you. (Someone may be tempted to recommend that the "learn CF in a week" site has lots of great intro topics, but their discussion on this topic of securely configuring CF is pretty slim.)
Sorry I can't offer just what you need. It's an interesting opportunity for someone to pursue.
Hi Charlie
Thank you for your extensive reply to my question. Actually, what I meant to say is Account Lockout instead of Lockup. I want to set Account Lockout policy, so that after several failed attempts, the user will be locked out of their account for a specific duration.
I am not sure if Lockdown and Lockout are the same thing or cover similar security, but I will go through the material you recommended, ColdFusion 2021 Lockdown Guide.
Once again, thank you very much sir for taking your time to reply to my question.
Ah, no. To quote a very old SNL skit, "that's very different". 🙂
So you did indeed mean to "make an account usable", as I hinted about the term you'd used. But sadly, no, it's not something covered in the lockdown guide.
So help us out: is your supervisor wanting to lockout repeated failed attempts to access the cf admin? Or some cf app of your own?
There is (again, sadly) no feature in the cf admin for this. But then access to the cf admin is locked down to the local machine by default, since cf2016 at least.
As for enabling this for your own app, there's no "feature" of cf that enables this. It's one you'd need to code yourself. Logically it may seem rather simple on the surface, to create at least "something that's better than nothing". I've not seen any shared cfml code or even blog post on the topic, though again it's a good one for someone.
But I'll add that truly effective security can get challenging quickly. Someone designing such a system should really research account lockout concepts (in any app or platform) to ensure they don't leave an unexpected hole in their protection.
Hope that helps.
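A sketch of the kind of lockout logic the reply above says you would have to code yourself, as an added example that is not part of the original thread and not Adobe's or any poster's code. The function names, the in-memory `attempts` store and the policy values (5 failures in 15 minutes, 15-minute lockout) are assumptions.

```cfml
<cfscript>
// Assumed policy: 5 failures within 15 minutes lock the account for 15 minutes.
policy = { maxAttempts = 5, windowMinutes = 15, lockoutMinutes = 15 };
// Hypothetical in-memory store keyed by normalised username. In production use
// a database table so counters survive restarts and are shared across servers.
attempts = {};

// True while the account is still inside its lockout period.
function isLockedOut(required struct store, required string username, required date at) {
    var key = lCase(trim(arguments.username));
    if (!structKeyExists(arguments.store, key)) return false;
    var lockedUntil = arguments.store[key].lockedUntil;
    return isDate(lockedUntil) && dateCompare(arguments.at, lockedUntil) < 0;
}

// Count one failed login; returns true when this failure triggers a lockout.
// Call only when isLockedOut() is false, so any existing lock has expired.
function recordFailure(required struct store, required string username,
                       required date at, required struct policy) {
    var key = lCase(trim(arguments.username));
    var locked = false;
    lock name="loginLockout" type="exclusive" timeout="5" {
        // Unknown usernames are tracked too, so behaviour does not reveal
        // which accounts exist. Start fresh if the window or a lock expired.
        if (!structKeyExists(arguments.store, key)
            || isDate(arguments.store[key].lockedUntil)
            || dateDiff("n", arguments.store[key].firstFailure, arguments.at) >= arguments.policy.windowMinutes) {
            arguments.store[key] = { count = 0, firstFailure = arguments.at, lockedUntil = "" };
        }
        arguments.store[key].count = arguments.store[key].count + 1;
        if (arguments.store[key].count >= arguments.policy.maxAttempts) {
            arguments.store[key].lockedUntil = dateAdd("n", arguments.policy.lockoutMinutes, arguments.at);
            locked = true;
        }
    }
    return locked;
}

// Constructed demo: six wrong passwords for one account, one minute apart.
start = createDateTime(2024, 1, 1, 9, 0, 0);
for (i = 1; i <= 6; i++) {
    t = dateAdd("n", i, start);
    if (isLockedOut(attempts, "Alice", t)) {
        writeOutput("attempt " & i & ": rejected without checking the password<br>");
    } else {
        lockedNow = recordFailure(attempts, " alice", t, policy);
        writeOutput("attempt " & i & ": failure recorded, locked = " & lockedNow & "<br>");
    }
}
</cfscript>
```

In a login handler, check `isLockedOut()` before verifying the password, show the same message for a locked account and a wrong password, and remove the user's record with `structDelete()` after a successful login.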
Question: So help us out: is your supervisor wanting to lockout repeated failed attempts to access the cf admin? Or some cf app of your own?
Answer: lockout repeated failed attempts to access our own app.
Guess will have to do the coding for it then.
Thank you.
I want to set Account Lockout policy, so that after several failed attempts, the user will be locked out of their account for a specific duration.
By @Danial22236738npv0
That is a good question. It is in fact one of the commonest use-cases among login requirements.
There is no universal solution. It all depends on your specific requirements. So, start by specifying your requirements, in layman's terms. For example,
I shall now give you a description of a possible solution.
Hi BKBK
Thank you for your solutions.
My pleasure, @Danial22236738npv0 .