

Enforcing a Logon Timestamp and Timeout

For added security, you can set up a timestamp variable, which determines if a logon request occurs within a configurable time period. This can help to prevent 'replay attacks'.

To use this optional timestamp, the time of the request (in UTC time) must be submitted via the ‘timestamp’ POST variable (embedded inside the encrypted ‘agentID’ variable), formatted in US date format (that is, ‘mm/dd/yyyy hh:mm:ss’).

To enable and configure the allowed range of timestamps, edit these registry values on the front-end Web server:

EnforceLogonTimestamp

Type: REG_DWORD

Data: Defaults to 0. Set to 1 to enforce the timestamp in the POST form variables.

Important! When this is enabled, the POST variable supplied with the Web form logon method may include a timestamp, which is checked to see whether it falls within the specified time range. If it does not fall within this range, the logon fails.

LogonTimestampInterval

Type: REG_DWORD

Data: Defaults to 5 (minutes). Specifies the valid time interval. If set to 5, the logon timestamp must be within 5 minutes either side of the current time. For example, if the current time is 12:00, then timestamps from 11:55 to 12:05 are accepted.
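The following is an added example, not code from CA or from the product, showing the check these two registry values describe: parse the submitted 'mm/dd/yyyy hh:mm:ss' UTC timestamp and accept the logon only when it lies within LogonTimestampInterval minutes either side of the current time (bounds inclusive, matching the 11:55 to 12:05 example above). It assumes the 'timestamp' value has already been recovered from the encrypted 'agentID' variable, models the two registry values as plain function parameters of the same name, and (an assumption the page does not state) rejects a logon that carries no timestamp at all once enforcement is on. The window bounds how long a captured logon remains replayable; it does not by itself stop a replay that arrives inside the window, so the interval should be kept as small as clock skew between clients and the front-end Web server allows.

```python
from datetime import datetime, timedelta, timezone
from typing import Dict, Optional, Tuple

# Format documented for the 'timestamp' POST variable:
# US date format 'mm/dd/yyyy hh:mm:ss', expressed in UTC.
TIMESTAMP_FORMAT = "%m/%d/%Y %H:%M:%S"

# Constructed, fixed "current time" so the demonstration is reproducible.
DEMO_NOW = datetime(2024, 1, 15, 12, 0, 0, tzinfo=timezone.utc)


def parse_logon_timestamp(value: str) -> Optional[datetime]:
    """Parse a submitted timestamp as UTC; return None if it is malformed."""
    try:
        naive = datetime.strptime(value, TIMESTAMP_FORMAT)
    except (TypeError, ValueError):
        return None
    return naive.replace(tzinfo=timezone.utc)


def check_logon_timestamp(
    post_vars: Dict[str, str],
    enforce_logon_timestamp: int,
    logon_timestamp_interval: int,
    now: Optional[datetime] = None,
) -> Tuple[bool, str]:
    """Accept the logon when the timestamp is within +/- interval minutes of
    the current UTC time (bounds inclusive).

    enforce_logon_timestamp and logon_timestamp_interval stand in for the
    registry values of the same name. Returns (accepted, reason).
    """
    if enforce_logon_timestamp != 1:
        return True, "timestamp check disabled (EnforceLogonTimestamp=0)"

    # Assumption (not stated on the page): with enforcement on, a logon
    # that omits the timestamp is rejected rather than silently allowed.
    value = post_vars.get("timestamp")
    if value is None:
        return False, "timestamp missing from POST variables"

    submitted = parse_logon_timestamp(value)
    if submitted is None:
        return False, "timestamp not in mm/dd/yyyy hh:mm:ss format"

    current = now if now is not None else datetime.now(timezone.utc)
    window = timedelta(minutes=logon_timestamp_interval)
    skew = abs(current - submitted)  # works across midnight and month ends
    if skew > window:
        return False, f"timestamp is {skew} from current time, allowed {window}"
    return True, "timestamp within allowed interval"


if __name__ == "__main__":
    # Constructed sample requests checked against DEMO_NOW (12:00:00 UTC)
    # with EnforceLogonTimestamp=1 and LogonTimestampInterval=5.
    samples = [
        {"timestamp": "01/15/2024 11:55:00"},  # lower bound, accepted
        {"timestamp": "01/15/2024 12:05:00"},  # upper bound, accepted
        {"timestamp": "01/15/2024 12:05:01"},  # one second too late, rejected
        {"timestamp": "2024-01-15 12:00:00"},  # wrong format, rejected
        {},                                    # no timestamp at all, rejected
    ]
    for post in samples:
        ok, why = check_logon_timestamp(post, 1, 5, now=DEMO_NOW)
        shown = post.get("timestamp", "<none>")
        print(f"{shown:>20}  {'ACCEPT' if ok else 'REJECT'}  {why}")
```

Run it as a script to see each constructed request accepted or rejected with the reason; in a real front end the `now` argument is left unset so the server clock is used, which is why that clock (and the clients') must be kept synchronised.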

Note: For full details on implementing these additional security measures, please contact CA Support at http://ca.com/support.