limit the maximum count of password / token check failures per IP/user per minute (#33)

conf/ezbookkeeping.ini

@@ -180,6 +180,12 @@ email_verify_token_expired_time = 3600
 # Password reset token expired seconds (60 - 4294967295), default is 3600 (60 minutes)
 password_reset_token_expired_time = 3600
 
+# Maximum count of password / token check failures (0 - 4294967295) per IP per minute (use the above duplicate checker), default is 5, set to 0 to disable
+max_failures_per_ip_per_minute = 5
+
+# Maximum count of password / token check failures (0 - 4294967295) per user per minute (use the above duplicate checker), default is 5, set to 0 to disable
+max_failures_per_user_per_minute = 5
+
 # Add X-Request-Id header to response to track user request or error, default is true
 request_id_header = true