General Security Enhancements

Objective

After completing this lesson, you will be able to describe improvements to the security posture of SAP Commerce Cloud

Disabling Admin User Login in Brute Force Attack Prevention

The following property now allows you to disable the login for the admin user:

JSON
1
admin.login.enabled=false

The default value of this property is true. This property affects admin login to all applications, including Backoffice and Administration Console.

You can use this property as part of the brute force attack prevention. After changing its value to false, the login for the admin user will be blocked, protecting this user from brute force attacks.

Caution

Before using admin.login.enabled=false, ensure that you've created other admin users that are part of the admingroup so that the admin privileges are not lost completely after this property has been applied.

Why?

Disabling the login for the admin user as part of the brute force attack prevention improves security by ensuring that the admin privileges are not used by potential attackers using brute force attacks.

Disabling Plaintext Fallback in Transparent Attribute Encryption (TAE) and Removal of Plaintext From Creation of System Users

Sensitive string attributes secured by Transparent Attribute Encryption (TAE) now have enhanced protection against data tampering. You can disable the TAE plaintext fallback to mitigate the risk of the system accepting potentially compromised plaintext values. In addition, plaintext-based initialization has been removed from the creation of anonymous and admin users.

TAE Plaintext Fallback Control

The TAE mechanism is designed to ensure both confidentiality and integrity of your data. Whenever you opt for TAE encryption of an attribute in items.xml, the attribute should not be visible to or changeable by unauthorized parties.

As part of our continuous improvement efforts, we have modified the current configuration of TAE to provide increased security for the most sensitive values in your database.

A new configurable property has been added to the advanced.properties file:

toggle.disallowTaeEncryptionFallback.enabled.

This property controls the system's behavior when an unauthorized party attempts to overwrite encrypted attribute values using plaintext directly in the database. Setting this flag to true prevents the use of attacker-provided values in case of a decoding error. The system will not fall back to raw values but will report a data breach and return an exception.

Note

For backward compatibility reasons, toggle.disallowTaeEncryptionFallback.enabled is set to false by default. We strongly recommend changing this value to true for enhanced security of your system.

While setting the toggle.disallowTaeEncryptionFallback.enabled to true significantly enhances security, it may potentially impact system behavior in cases where decryption failures were previously silent. System administrators should be aware that applications may now encounter exceptions in scenarios where they previously received plaintext data.

To mitigate possible unwelcome impacts, consider these recommendations:

  • Review and update error handling in applications that interact with encrypted data to properly handle the DecryptionException.
  • Monitor security logs for decryption failures, as these may indicate attempted security breaches or issues with encryption keys.
  • Ensure that encryption keys are properly managed and backed up to prevent legitimate decryption failures.

Removing Plaintext-Based Initialization from System User Creation Process

The creation of administrator and anonymous users during system initialization no longer relies on plaintext.

Previously, the default users: admin and anonymous were set with explicit plaintext encoding to prevent logging failures if there's a change in the default password encoder.

We have redesigned the responsible method to eliminate potentially insecure storage of initial passwords as plaintext. Following the change, admin and anonymous users are initially created as inactive accounts with a null value for both password and password encoding and with the disabled login.

Why?

These changes enhance the overall system security by disabling plaintext fallback and refining the user initialization process.

By implementing these modifications, we ensure that the TAE mechanism and user creation process achieve both confidentiality and integrity objectives, providing robust protection against unauthorized access and data tampering.

Logging Permission Changes in Audit Logging

To ensure compliance, permission changes are now logged in audit logging.

All permission assignments where permissions are granted, removed, or denied are now logged in audit logging. For more information on permission assignments, see Access Rights.

Why?

Logging permission changes ensures that information about such changes can be easily retrieved from log files, which allows you to have a better control over internal processes.

Deprecated Customer Coupon Campaign URL

Customer coupon campaign URL is deprecated and replaced by a new and improved URL.

To fix the security issue where coupon codes are used in coupon campaign URLs, the old URL has been deprecated. A new and more secure method for claiming the coupon via URL has been implemented. If you've customized the customercouponaddon and wish to activate the new solution for claiming coupons in your storefront, refer to Upgrading to 2211.37.

For more information on claiming the customer coupon through the coupon's URL, see Claiming a Coupon.

Why?

The customer coupon campaign URL was re-factored to improve security.

Enabling One-Time Verification Token for Customer Registration OCC API

Customer registration flow is improved by adding One-Time Verification Token verification for modules including Commerce Services, B2C Accelerator AddOns, B2B Accelerator AddOns, and Marketplace.

Customer registration OCC API endpoints now have One-Time Verification Token verification based on customer email address.

  • POST /{baseSiteId}/users
  • POST /{baseSiteId}/orgUsers

One-Time Verification Token rate limits are supported for customer login and registration.

Why?

Implementing a support for verification during B2C or B2B customer registration through OCC API. This verification provides additional security by confirming the owner of the given email.

The rate limit settings prevent generating verification tokens too many times in a given time period.

Feature Activation

This feature is activated by default. For more information, see:

Automatic Unlocking of User Accounts And OAuth Clients Locked After Unsuccessful Login Attempts

You can now decide when user accounts and OAuth clients are automatically unlocked after being disabled due to multiple failed login attempts.

User accounts and OAuth clients can now be automatically unlocked after being disabled as a result of a brute-force attack prevention mechanism triggered by a number of unsuccessful login attempts. Unlocking accounts after a configurable period allows valid users to eventually log in, while slowing down attackers from probing passwords.

For more information on the automatic unlocking, see Automatic Unlocking of Locked User Accounts and OAuth Clients.

Why?

Automatically unlocking user accounts improves user experience and productivity, reduces IT workload, and maintains security consistency.

Learning

SAP FacebookSAP YoutubeSAP LinkedIn