Security Measures
Overview
Dify Enterprise Edition implements multiple security strategies to protect enterprise data and systems from potential threats. This document describes the security mechanisms Dify uses to safeguard your enterprise data.
Account Security
Authentication Strategies
Dify supports multiple secure authentication methods to meet the security requirements of different enterprises:
1. Basic Authentication Methods
Traditional login method combined with strong password policies.
Password Complexity Requirements: Complies with OWASP security guidelines.
- Mandatory combination of uppercase and lowercase letters.
- Special characters required.
- Numbers must be included.
- Plans to increase minimum password length requirements in the future.
Password Reset Protection
- Account restrictions triggered after 5 consecutive failed password reset attempts.
- Account automatically locked for 24 hours to prevent brute force attacks.
2. Advanced Authentication Methods (Recommended)
- Single Sign-On (SSO): Integrates with existing enterprise identity systems, reducing the risk of brute force attacks associated with traditional login methods. For detailed information, refer to Enterprise SSO Authentication.
Account Login/Access Control
To prevent account abuse and potential network attacks, Dify has implemented strict request frequency limitations:
IP-Based Request Frequency Control
- Email Sending Limit: Maximum of 50 email requests per minute.
- Temporary Restriction Mechanism: Exceeding the limit triggers a 10-minute access restriction.
- Escalation Policy: Continued high-frequency email requests during the restriction period will escalate to a 1-hour freeze period.
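The following Python sketch is an added illustration of the escalating per-IP policy described above; it is not Dify's own code. It enforces the 50-requests-per-minute ceiling, the 10-minute restriction, and the escalation to a 1-hour freeze. The number of requests during a restriction that counts as "continued high-frequency" use (ESCALATE_AFTER) and the in-process dictionary used as state store are assumptions.

```python
import time
from collections import deque

WINDOW_SECONDS = 60          # "per minute"
MAX_PER_WINDOW = 50          # maximum of 50 email requests per minute per IP
RESTRICT_SECONDS = 10 * 60   # first breach: 10-minute restriction
FREEZE_SECONDS = 60 * 60     # continued requests while restricted: 1-hour freeze
ESCALATE_AFTER = 10          # ASSUMPTION: requests during a restriction that count as "continued"
RESTRICTED, FROZEN = 1, 2


class EmailRateLimiter:
    """Sliding-window, per-IP limiter with escalating penalties.

    Illustrative reconstruction only; a real deployment would keep this state
    in a shared store such as Redis rather than in process memory.
    """

    def __init__(self, now=time.time):
        self.now = now        # injectable clock so behaviour can be exercised offline
        self.windows = {}     # ip -> deque of request timestamps within the last minute
        self.blocked = {}     # ip -> {"until": ts, "level": RESTRICTED|FROZEN, "hits": n}

    def check(self, ip: str) -> str:
        """Record one email request from `ip`; return 'allowed', 'restricted' or 'frozen'."""
        t = self.now()
        state = self.blocked.get(ip)
        if state and t < state["until"]:
            if state["level"] == FROZEN:
                return "frozen"
            state["hits"] += 1
            if state["hits"] >= ESCALATE_AFTER:
                # Still sending during the 10-minute restriction: escalate to a 1-hour freeze.
                state.update(until=t + FREEZE_SECONDS, level=FROZEN)
                return "frozen"
            return "restricted"
        window = self.windows.setdefault(ip, deque())
        cutoff = t - WINDOW_SECONDS
        while window and window[0] <= cutoff:  # drop timestamps outside the 1-minute window
            window.popleft()
        if len(window) >= MAX_PER_WINDOW:
            # 51st request within a minute: start the 10-minute restriction.
            self.blocked[ip] = {"until": t + RESTRICT_SECONDS, "level": RESTRICTED, "hits": 0}
            window.clear()
            return "restricted"
        window.append(t)
        return "allowed"
```

Each IP is tracked independently, so one abusive source does not affect other clients, and once a freeze expires the counter starts from an empty window.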
Login Protection Mechanisms
Dify employs multi-layered login protection measures:
- Failed Attempt Limitations: Protection mechanisms triggered after 5 consecutive failed login attempts.
- Automatic Account Locking: Account locked for 24 hours after reaching the failure limit.
- Abnormal Behavior Detection: System automatically identifies abnormal login behavior and takes protective measures.
Account Locking and Management
To further ensure account security, Dify provides the following account management mechanisms:
- Automatic Locking: System automatically locks accounts for 24 hours after detecting abnormal behavior.
- Administrator Control: System administrators can manually ban suspicious accounts.
Best Practices and Recommendations
To ensure your Dify platform receives optimal security protection, we recommend following these best practices:
Administrator Best Practices
- Regularly Review User Activity: Periodically check system logs to identify potentially suspicious activities.
- Implement Principle of Least Privilege: Only assign necessary minimum permissions to users.
- Regular Training: Ensure all system administrators understand the latest security threats and protection measures.
User Best Practices
- Use Strong Passwords: Create passwords that meet complexity requirements.
- Regularly Change Passwords: Recommended password changes every 90 days.
- Be Aware of Phishing Attacks: Stay vigilant against suspicious emails and phishing attempts, and avoid clicking unknown links.
Security Updates and Upgrades
The Dify team continuously monitors the latest developments in the security field and regularly updates platform security measures:
- Regular Security Patches: We regularly release security updates and recommend upgrading to the latest version promptly.
- Security Notifications: Major security updates will be communicated to users through official channels.