[Feature]: count and handle failed logins #48
Labels
Breaking: Config
Changes in config-files
Env: Documentation
requires an update of the documentation
L: ★★☆
Expect mid difficulty
New feature / Improvement
new features and improvements of existing features
Security
security-bugs
Milestone
Feature
Description
To avoid brute-force-attacks against a user-account, there should be a counter for failed login-tries. After 3 failed login-tries there should be a forced wait time, which can be configured via config-file. Only after this timespan there should be login-try possible again. This should prevent brute-force attacks against a user-account.
Acceptance Criteria
Additional Information
Blocked by
How to test
The text was updated successfully, but these errors were encountered: