Dave Roberts wrote:
John Garrould wrote:
Is there a  way to configure the server so that malicious users cannot
try multiple log-in attempts without reconnecting?  Ideally I would
like to be able to configure the connection to be dropped after 3
invalid attempts at the password.

I don't believe this is currently configurable.  Niklas or Rana can
correct me if I'm wrong about this.

You're correct, it is not currently possible to set. However, I think it's a very good idea, even to have a default value that kicks a user after a certain number of login attempts. I've created a JIRA issue to track this and will have a look at fixing it within the next couple days.

https://issues.apache.org/jira/browse/FTPSERVER-94

/niklas

Reply via email to