Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Attackers can currently do unlimited attempts to retrieve user passwords. There are a few good practices we may add to improve this.
I think the following would be nice:
*these are default values that may be adapted in the server config file
The text was updated successfully, but these errors were encountered:
Take care that these checks are done in all cases that a password can be created/edited
Sorry, something went wrong.
Note: not all of this is backwards compatible so maybe in 4.0?
Login attempts: 3, block time 15min
The password requirements are not checked yet when creating a new user
bartvanb
Successfully merging a pull request may close this issue.
Attackers can currently do unlimited attempts to retrieve user passwords. There are a few good practices we may add to improve this.
I think the following would be nice:
*these are default values that may be adapted in the server config file
The text was updated successfully, but these errors were encountered: