From b7c000b78b9af253fb115bbfa5ef0d4c0681abbb Mon Sep 17 00:00:00 2001
From: Lauri Ojansivu <x@xet7.org>
Date: Mon, 11 Mar 2019 19:47:23 +0200
Subject: Changed brute force protection package from eluck:accounts-lockout to
 lucasantoniassi:accounts-lockout that is maintained and works. Added
 Snap/Docker/Source settings.

Thanks to xet7 !

Closes #1572,
closes #1821
---
 start-wekan.bat | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'start-wekan.bat')

diff --git a/start-wekan.bat b/start-wekan.bat
index 001700f3..6cf481c3 100755
--- a/start-wekan.bat
+++ b/start-wekan.bat
@@ -14,6 +14,16 @@ SET PORT=2000
 REM # If you disable Wekan API with false, Export Board does not work.
 SET WITH_API=true
 
+REM # ==== PASSWORD BRUTE FORCE PROTECTION ====
+REM #https://atmospherejs.com/lucasantoniassi/accounts-lockout
+REM #Defaults below. Uncomment to change. wekan/server/accounts-lockout.js
+REM SET ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURES_BEFORE=3
+REM SET ACCOUNTS_LOCKOUT_KNOWN_USERS_PERIOD=60
+REM SET ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURE_WINDOW=15
+REM SET ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURES_BERORE=3
+REM SET ACCOUNTS_LOCKOUT_UNKNOWN_USERS_LOCKOUT_PERIOD=60
+REM SET ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURE_WINDOW=15
+
 REM # Optional: Integration with Matomo https://matomo.org that is installed to your server
 REM # The address of the server where Matomo is hosted.
 REM # example: - MATOMO_ADDRESS=https://example.com/matomo
-- 
cgit v1.2.3-1-g7c22