Home | Forums | Contact | Search | Syndication  
 
 [login] [create account]   Tuesday, November 26, 2024 
 
slxdeveloper.com Community Forums  
   
The Forums on slxdeveloper.com are now retired. The forum archive will remain available for the time being. Thank you for your participation on slxdeveloper.com!
 Off Topic Forums - General & Off Topic
Forum for off topic and general discussion. View the code of conduct for posting guidelines.
Forums RSS Feed


 Back to Forum List | Back to General & Off Topic | New ThreadView:  Search:  
 Author  Thread: Compliance/Auditing
Marc Johnson
Posts: 252
 
Compliance/AuditingYour last visit to this thread was on 1/1/1970 12:00:00 AM
Posted: 07 Dec 06 12:18 PM
fiogf49gjkf0d
Anyone now what SalesLogix is doing to be more secure?

I was asked about the following, about SalesLogix:
1. Log People out automatically after a period of inactivity?
2. Disable accounts automatically after a specified number of days of inactivity?
3. Enforce password complexity standards - 8 char min, use of alpha, numeric, caps, etc?
4. Expire passwords after a given number of days?

As far as I know the answer to all those questions is No. Anyone know of solutions around this issue or if Sage is working on this?
[Reply][Quote]
Mike Spragg
Posts: 1226
Top 10 forum poster: 1226 posts
 
Re: Compliance/AuditingYour last visit to this thread was on 1/1/1970 12:00:00 AM
Posted: 08 Dec 06 2:29 AM
fiogf49gjkf0d
All your supported options (of which only 3 above is catered for) is in Admin - Tools | Passwords
[Reply][Quote]
Marc Johnson
Posts: 252
 
Re: Compliance/AuditingYour last visit to this thread was on 1/1/1970 12:00:00 AM
Posted: 08 Dec 06 7:11 AM
fiogf49gjkf0d
Mike,

I did find some of the password complexity there but the other 3 options are not supported. I talked with SalesLogix about this and their suggestions were as follows (with my interpretation):

1. Log People out automatically after a period of inactivity?
----------------------------------------------------------------------
This isn't currently possible nor does it look likely to be a feature added any time soon. It's been considered by Sage and found to use too much system resources. This is due to the fact that a polling process would have to run to track user activity within the system. Right now the only user activity tracking is done at the table level when a user makes a change to a record. If no changes are made, there is no record of user activity.

2. Disable accounts automatically after a specified number of days of inactivity?
----------------------------------------------------------------------
This could be done with customization. A new table would have to be created that tracked when a user last logged on. A custom script could then be added to kick a user off if the last used date was beyond a set time frame. The password could be reset and it may be possible to completely disable the user account.

3. Enforce password complexity standards - 8 char min, use of alpha, numeric, caps, etc?
----------------------------------------------------------------------
SalesLogix does have some password complexity standards. The following can be set:
• Minimum password length
• Passwords must contain numbers and letters (Special characters/high ASCII are not required and do not look to be options.)
• Force user to change default password
• Do Not allow blank passwords
• Do no allow username as password
Additional complexity could be added with customization at the client level.

4. Expire passwords after a given number of days?
----------------------------------------------------------------------
This could be done with customization. This would likely be tied into #2. Store the date of last password set and check the date and force the user to change their password.

So out of the box SalesLogix has limited user account/password auditing but it could be added.
[Reply][Quote]
Bob (RJ)Ledger
Posts: 1103
Top 10 forum poster: 1103 posts
 
Re: Compliance/AuditingYour last visit to this thread was on 1/1/1970 12:00:00 AM
Posted: 08 Dec 06 8:10 AM
fiogf49gjkf0d
Yep.. you've got it right...
Also, remember that in order to use SalesLogix one must login (to their pc) via their Windows Login to get to launch SalesLogix.

I'd make sure that the Windows layer met requirements before beating on application login(s).

just a thought..
--
rjl
[Reply][Quote]
Marc Johnson
Posts: 252
 
Re: Compliance/AuditingYour last visit to this thread was on 1/1/1970 12:00:00 AM
Posted: 08 Dec 06 8:18 AM
fiogf49gjkf0d
Oh yea, that's already in place. The company is going through a complete comprehensive audit of all it's software tools to fix any weak links or at least be aware of where they are.

I doubt that SalesLogix is considered a serious problem in these areas but they needed to be defined and it'll be up to my boss and his bosses to deturmine if SalesLogix really needs to have that level of security implemented.

Still it's an interesting topic to discuss. My last company didn't bother with much security at all with SalesLogix. We used the Windows Authentication option so the SalesLogix password was pretty much irrelevant. Even then most of the SLX passwords were blank or the users phone extention or something like that. Nothing too difficult.
[Reply][Quote]
John Gundrum
Posts: 632
Top 10 forum poster: 632 posts
 
Re: Compliance/AuditingYour last visit to this thread was on 1/1/1970 12:00:00 AM
Posted: 08 Dec 06 8:36 AM
fiogf49gjkf0d
Have you thought about using NT Authentication instead of having users login using the SLX login? The nice thing about this is authentication is done at the network level when the user logs in. So as long as you have the criteria in place at the network login you are covered. Other benefits are one less password to keep track of and when starting SLX it logs in automatically.

The only requirement is that when creating a new SLX user account is to set the password to something really obscure (using the guidelines you already outlined. As long as NT authentication is being used there is no need to know what the SLX password is. The only caveat to this is Intellisync. Kind of a pain in the side at times because it does use the SLX password and not NT authentication. If you are using Intellisync you will have to copy that obscure password down and then setup the Intellisync login.

If you don't use Intellisync.. well.. then no problem!

John G.
[Reply][Quote]
Bob (RJ)Ledger
Posts: 1103
Top 10 forum poster: 1103 posts
 
Re: Compliance/AuditingYour last visit to this thread was on 1/1/1970 12:00:00 AM
Posted: 10 Dec 06 8:33 AM
fiogf49gjkf0d
Quote:
Originally posted by John Gundrum

Have you thought about using NT Authentication .....
John G.


He IS already .. It's called "Windows Auth..."

--
rjl
[Reply][Quote]
 Page 1 of 1 
  You can subscribe to receive a daily forum digest in your user profile. View the site code of conduct for posting guidelines.

   Forum RSS Feed - Subscribe to the forum RSS feed to keep on top of the latest forum activity!
 

 
 slxdeveloper.com is brought to you courtesy of Ryan Farley & Customer FX Corporation.
 This site, and all contents herein, are Copyright © 2024 Customer FX Corporation. The information and opinions expressed here are not endorsed by Sage Software.

code of conduct | Subscribe to the slxdeveloper.com Latest Article RSS feed
   
 
page cache (param): 11/26/2024 4:16:21 AM