I am using the basic web server on a 7U using Net+Os 7.4.2 for a simple configuration page. My customer has strict security requirements, most of which I have been able to meet. The requirements I am having trouble with are: allowing a maximum password retries and to lockout the user for a period of time if the retries are exceeded.
Any suggestions on how to accomplish these?
The closest I can think of would be as follows: IN V7.42 the System User Account Access component added (user defined) callback that can be set. If set it is called and it assumes that yo perform all of the authentication. Further, as far as the functionality of the callback, you could, theortically, write code to watch the number of times a user is called and do whatever you need to do if they access too many times. Since the callback is called form the web server, somehow the callback would have to have some (global) knowledge of what users have requested authentication how many times. Clearly this would all be very application dependent.
In the API reference guide see naSysAccessGetAuthHandler and naSysAccessSetAuthHandler. Also in running V7.42 this may have been added after V7.4 initially shipped. Checked in src\bsp\common\sysaccess.c. If these calls are not there then you are behind in at least one patch.