Add two new protections : REQUESTS_MIN_DELAY and MAX_PASSWORDS_PER_REQUEST (see conf.php)

server/conf.php

@@ -1,6 +1,6 @@
 <?php
 /*
-  Copyright (C) 2013-2014 Grégory Soutadé
+  Copyright (C) 2013-2015 Grégory Soutadé
   
   This file is part of gPass.
   
@@ -60,4 +60,23 @@ $PKDBF2_LEVEL=1000;
   standard crypto API will be stable it will be enabled by default.
 */
 $USE_SHADOW_LOGINS=0;
+
+/*
+  Protection against DDoS.
+  Each request can contains multiple password combination
+  (to support wildcards for example) and multiple names.
+  Currently only two passwords are sent from addon :
+      www.example.com
+      *.example.com
+  But, on future we may also consider 'www.example.*', '*.example.*' and lower case username.
+  For maximum security, you can set it to 2.
+ */
+$MAX_PASSWORDS_PER_REQUEST=10;
+
+/*
+  Protection against brute force.
+  Minimum delay (in milliseconds) between two requests.
+ */
+$REQUESTS_MIN_DELAY=1000;
+
 ?>