Security: make validatePasswordFlood() in LogInOut.php user controllable

Started by BeberGold, December 29, 2022, 04:05:27 PM

Previous topic - Next topic


This request comes from the discussion on this link:

Quote from: shawnb61 on December 29, 2022, 01:38:39 PMIn addition to that, there is password flood detection & control.

If we detect multiple attempts within a 10 second window, we don't even let them know if they get it right...

For more info, look at validatePasswordFlood() in LogInOut.php.

These security parameters are not currently user controllable.

A GUI option for the administrator would be nice. Would it be possible to adjust them in the security settings of the board please?

Thank you.