• 2 replies
  • Latest Post - ‏2017-08-23T11:48:22Z by MadisonQuinn
3 Posts

Pinned topic NetSuite Denial Of Service Issue

2012-01-20T05:56:43Z
I noticed a fairly obvious attack vector when working with the Cast Iron NetSuite endpoint. Cast Iron connects to NetSuite SuiteTalk using a standard NetSuite account. However, since the NetSuite login screen is publicly available, anyone who knows the account name (email address) that Cast Iron is using to authenticate with NetSuite can simply attempt to log in to NetSuite with six bad passwords and the NetSuite account locks. This effectively breaks any Cast Iron to NetSuite SuiteTalk orchestrations.

I realize that this is not necessarily a Cast Iron problem, but obviously this is not acceptable for enterprise use. Any internet user can take down these orchestrations with an email address. They don't even have to know the password. Does Cast Iron support any other way to connect to NetSuite?
  • devtfl
    1 Post

    Re: NetSuite Denial Of Service Issue


    This isn't really a Cast Iron issue; it's true of any use of the NetSuite web service. The issue leads to a broader set of problems with the NetSuite web service architecture. NetSuite does not support an API key or token type of authentication.

    It also relies on user-based passwords. Since these expire in NetSuite by default every 90 days (unless the setting is changed), this also causes issues with the login for a web services call. Once that password expires, the integration will lock the account. NetSuite will have to address these issues eventually. Until then, don't disclose your username and passwords to anyone you think may crash your integration.

  • MadisonQuinn
    1 Post

    Re: NetSuite Denial Of Service Issue


    Hi Greg

    The Cast Iron Systems solution can also be used to connect NetSuite with a wide variety of other on-premise software systems.

    Cast Iron Systems offers clients a complete platform to integrate cloud applications with on-premise applications, such as ERP solutions from SAP and Oracle. Using Cast Iron Systems' hundreds of pre-built templates and services expertise, expensive custom coding can be eliminated, allowing cloud integrations to be completed in the space of days, rather than weeks or longer.


    For more information please visit