- Home
- My Profile
- echeah
-
Hi Chris,
Thank you, it's working now, I appreciate it.
Regards,
EdwinPost is under moderationStream item published successfully. Item will now be visible on your stream. -
Hi Sergey Eremenko
Thank you.
I've went through the docs before seeking Ken Munzenberger support via this forum. Basically I've traversed through the following links.
Starting from the same link you've sent me. When I got to the 3rd page (Journey SDK 21.05), there's no link to download the...Hi Sergey EremenkoMore
Thank you.
I've went through the docs before seeking Ken Munzenberger support via this forum. Basically I've traversed through the following links.
Starting from the same link you've sent me. When I got to the 3rd page (Journey SDK 21.05), there's no link to download the SDK, that's when I "Requested Accecss" to start this thread & got the broken link.
1. https://docs.avoka.com/api/index.htm
2. https://journey.temenos.com/index.php/resources/release-notes
3. https://journey.temenos.com/index.php/sdk-releases/journey-sdk-21-05
Any chance there's a newer link or another access type to be granted?Post is under moderationStream item published successfully. Item will now be visible on your stream. -
Still unable to down it with the link as it shows Error 404Post is under moderationStream item published successfully. Item will now be visible on your stream.
-
Where can Journey SDK 21.05 be downloaded?Post is under moderationStream item published successfully. Item will now be visible on your stream.
-
Thank you Juliet,
Follow up on your comment, a pop-up screen requesting for reference code normally appears when an attempt to resume/load data from a saved transaction.
If an attempt to resume/load a non existing data is made, the pop-up would...MoreThank you Juliet,
Follow up on your comment, a pop-up screen requesting for reference code normally appears when an attempt to resume/load data from a saved transaction.
If an attempt to resume/load a non existing data is made, the pop-up would clear it's field & continue to stay on for another reference code to be entered until it's right or user decides to cancel.Just sharing, the following conditions & properties are at play in dev environment.
Scenario 1:
a. Disable security questions - Save Confirm & Save Challenge (Not in use)
b. Max Save Challenge Requests = 5
c. Save Challenge Lockout Minutes = 15- It's form resume process is vulnerable to brute force attack, because pop-up continues to allow attackers to keep trying
with no limit counter to stop it.
- Getting reference code wrong in this scenario will not trigger the lockouts & the
property "Save Challenge Failures" (Found in a Transaction's --> Transaction Details Tab in Avoka Transact Manager)
does not increment even when reference code is invalid, hence the unlimited attempts to resume the form.Scenario 2: (An attempt to get "Save Challenge Failure" counter to increment)
a. Disable security questions - Save Confirm has security question where its "Form Data Config Mapping" set to Save Challenge.
Security question field is active however, it's never used by having it's visibility set to false.
b. Max Save Challenge Requests = 5
c. Save Challange Lockout Minutes = 15
- Enabling & then hiding the security question enables "Save Challenge Failures" to come into play.
However, instead of incrementing the counter when an invalid reference code is used,
it increments the counter when a valid reference code is provided & loads/resumes form successfully.
- This leads to a scenario where, user could resume successfully up to 5 times before the form locks for 15 minutes & release again.
So the counter works but it still isn't limiting brute force attempts with random reference code because the counter doesn't increment.
Similar to described in Scenario 1 above.Post is under moderationStream item published successfully. Item will now be visible on your stream. -
Background:
Is there a way to temporary disable attempts to resume a form with reference code after reaching maximum failed attempts?
The implementation is intended without using a Save Challenge / Security questions.Eg.
User attempts form resume...MoreBackground:
Is there a way to temporary disable attempts to resume a form with reference code after reaching maximum failed attempts?
The implementation is intended without using a Save Challenge / Security questions.Eg.
User attempts form resume (Using reference code) --> Lock form resume for 15 mins (If failed 5 attempts limit) --> Re-open enable form resume(After 15 mins)
Journey Maestro version: 20.05.2Post is under moderationStream item published successfully. Item will now be visible on your stream.