Spent a bit tonight and did a security update in the 0.0.9-alhpa branch. config.hjson can now (and does by default) specify controls for failed login attempts:
* Disconnect the client after N failed attmepts (0 = disable)
* Lock out the user after N failed passwords in a row. Locked out users cannot log in even if the good password is used. (0 = disable)
* Auto-unlock user after N minutes (0 = disable)
* Optionally allow the password reset over email to reset lock status
Enjoy!
Great work!
--- Mystic BBS v1.12 A39 2018/04/21 (Raspberry Pi/32)
* Origin: ToTAL LoST BBS (21:4/136)