Dave Roberts wrote:
John Garrould wrote:
Is there a way to configure the server so that malicious users cannot
try multiple log-in attempts without reconnecting? Ideally I would
like to be able to configure the connection to be dropped after 3
invalid attempts at the password.
I don't believe this is currently configurable. Niklas or Rana can
correct me if I'm wrong about this.
You're correct, it is not currently possible to set. However, I think
it's a very good idea, even to have a default value that kicks a user
after a certain number of login attempts. I've created a JIRA issue to
track this and will have a look at fixing it within the next couple days.
https://issues.apache.org/jira/browse/FTPSERVER-94
/niklas
