diff options
author | Frederic Guillot <fred@kanboard.net> | 2017-01-29 11:07:42 -0500 |
---|---|---|
committer | Frederic Guillot <fred@kanboard.net> | 2017-01-29 11:07:42 -0500 |
commit | 0371acff89b14b9bdcb03e72fd9637e26e6b517c (patch) | |
tree | f5878c9c07705379d137843cb8f92e3cdf7c20a8 /doc/bruteforce-protection.markdown | |
parent | 3bf4789be255650b64f42231f41383cb13b65572 (diff) |
Move English documentation to folder en_US
Diffstat (limited to 'doc/bruteforce-protection.markdown')
-rw-r--r-- | doc/bruteforce-protection.markdown | 35 |
1 files changed, 0 insertions, 35 deletions
diff --git a/doc/bruteforce-protection.markdown b/doc/bruteforce-protection.markdown deleted file mode 100644 index 2f75b919..00000000 --- a/doc/bruteforce-protection.markdown +++ /dev/null @@ -1,35 +0,0 @@ -Brute Force Protection -====================== - -The brute force protection of Kanboard works at the user account level: - -- After 3 authentication failure for the same username, the login form shows a captcha image to prevent automated bot tentatives. -- After 6 authentication failure, the user account is locked down for a period of 15 minutes. - -This feature works only for authentication methods that use the login form. - -However, **after three authentication failure through the user API**, the account has to be unlocked by using the login form. - -Kanboard doesn't block any IP addresses since bots can use several anonymous proxies. However, you can use external tools like [fail2ban](http://www.fail2ban.org) to avoid massive scans. - -Configuration -------------- - -Default settings can be changed with these configuration variables: - -```php -// Enable captcha after 3 authentication failure -define('BRUTEFORCE_CAPTCHA', 3); - -// Lock the account after 6 authentication failure -define('BRUTEFORCE_LOCKDOWN', 6); - -// Lock account duration in minutes -define('BRUTEFORCE_LOCKDOWN_DURATION', 15); -``` - -Unlocking users ---------------- - -If you don't want to wait 15 minutes, you can unlock a user from the user interface. -As administrator, go to the user profile and click on "Unlock this user". |