Unauthorized User Access Attempts

If a user attempts to sign on repeatedly, without success, ExtraView will disable their account as a security precaution. The controls for this feature are within the administrative Site Configuration menu, on the Security and Session Settings menu.

| Behavior Setting | Default Value | Description |
|---|---|---|
| MAX_SIGNON_ATTEMPTS | 3 | The maximum number of consecutive failed sign on attempts allowed by an individual user before their account is disabled. The number of failures is measured in the period defined in SIGNON_PERIOD_MINUTES. |
| SIGNON_PERIOD_MINUTES | 5 | Once a user fails to sign on because of an invalid password, they will be allowed to make a total of MAX_SIGNON_ATTEMPTS attempts in this period. |

If a user’s account is disabled, the system administrator is notified by email. The system administrator is also notified if repeated unsuccessful sign on attempts come from the same IP address, according to the above settings.

If the user is attempting to sign on with the User ID of ADMIN, then MAX_SIGNON_ATTEMPTS is internally set to two times the value in the behavior setting. This is because it can be a significant maintenance problem if the ADMIN account is disabled and cannot be re-enabled. ExtraView therefore allows some extra sign on attempts before disabling the ADMIN account, while security considerations still ensure that it is not possible to keep trying to sign on indefinitely.

If the behavior setting named CUSTOM_AUTHENTICATION is set to YES, then the user’s account is not disabled if there are repeated failed sign on attempts. The assumption is that the custom authentication method, such as an LDAP server, will perform the action of disabling the user’s account, so disabling the account in two places would be superfluous.
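The following Python model is an added example, not ExtraView's own code, that lets an administrator check how the settings above interact for a given sequence of sign on attempts. It assumes the account is disabled when the number of consecutive failures inside the period reaches the limit, that the period is a sliding window, and that a successful sign on resets the count; the class, function and user names are hypothetical.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

@dataclass
class LockoutModel:
    max_signon_attempts: int = 3         # MAX_SIGNON_ATTEMPTS default
    signon_period_minutes: int = 5       # SIGNON_PERIOD_MINUTES default
    custom_authentication: bool = False  # True models CUSTOM_AUTHENTICATION = YES
    failures: dict = field(default_factory=dict)  # user_id -> failure timestamps
    disabled: set = field(default_factory=set)

    def limit_for(self, user_id):
        # ADMIN is allowed twice the configured number of attempts.
        return 2 * self.max_signon_attempts if user_id == "ADMIN" else self.max_signon_attempts

    def record(self, user_id, when, success):
        """Record one attempt; return True if the account is disabled afterwards."""
        if user_id in self.disabled:
            return True
        if success:
            self.failures.pop(user_id, None)  # the consecutive run is broken
            return False
        window = timedelta(minutes=self.signon_period_minutes)
        recent = [t for t in self.failures.get(user_id, []) if when - t < window]
        recent.append(when)
        self.failures[user_id] = recent
        # With custom authentication the external system (e.g. LDAP) owns lockout.
        if not self.custom_authentication and len(recent) >= self.limit_for(user_id):
            self.disabled.add(user_id)
        return user_id in self.disabled

# Constructed sample: (user_id, seconds since start, sign on succeeded?)
SAMPLE = [
    ("alice", 0, False), ("alice", 60, False), ("alice", 120, False),
    ("bob", 0, False), ("bob", 60, False), ("bob", 90, True),
    ("bob", 120, False), ("bob", 180, False),
    ("carol", 0, False), ("carol", 200, False), ("carol", 400, False),
] + [("ADMIN", 10 * i, False) for i in range(5)]

def replay(model, events):
    """Feed events through the model and return the sorted list of disabled users."""
    t0 = datetime(2024, 1, 1, 9, 0, 0)
    for user_id, offset, ok in events:
        model.record(user_id, t0 + timedelta(seconds=offset), ok)
    return sorted(model.disabled)

if __name__ == "__main__":
    print(replay(LockoutModel(), SAMPLE))
```

With the default values only `alice` is disabled: `bob`'s run is broken by a successful sign on, `carol`'s failures are spread over more than five minutes, and `ADMIN` has five failures against a doubled limit of six.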

The settings for notification are in the Email Settings menu within Email Notification and are:

| Behavior Setting | Description |
|---|---|
| EMAIL_ADMINISTRATOR_NAME | This is the email address or alias for the ExtraView administrator. Emails that are automatically generated by ExtraView are sent from this name. Examples are emails sent upon the self registration of a user, or an unauthorized access attempt. |
| EMAIL_ADMINISTRATOR_USER_ID | This is the email address to which emails originating within ExtraView are sent. This is usually the administrator's email address or an alias for the administrator. |