diff options
author | Yorhel <git@yorhel.nl> | 2019-05-15 20:48:53 +0200 |
---|---|---|
committer | Yorhel <git@yorhel.nl> | 2019-05-16 09:19:56 +0200 |
commit | 1cbc5107f32ec744d1834569f3885146d7282974 (patch) | |
tree | c7970b7815daf0c37db5baf6e6bb611b04759888 /data | |
parent | a193e240f5ea41509276ede529c68642af2ec656 (diff) |
Add password dictionary check
This affects the following:
- API login with a weak password is disallowed, affected users will have
to change their password through the website to continue using the API.
- Registration, password reset or password change forms require the new
password to not be in the dictionary.
- Attempting to log in to the website with a weak password will
force-redirect to a password change form, allowing a new password to
be set (using the weak-but-still-valid password as check).
Diffstat (limited to 'data')
-rw-r--r-- | data/config_example.pl | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/data/config_example.pl b/data/config_example.pl index 4d7d04fc..dd2fb9db 100644 --- a/data/config_example.pl +++ b/data/config_example.pl @@ -20,6 +20,9 @@ package VNDB; url_static => 'http://localhost:3000', form_salt => '<some unique string>', scrypt_salt => '<another unique string>', + # Uncomment if you want to test password strength against a dictionary. See + # lib/PWLookup.pm for instructions on how to create the database file. + #password_db => $ROOT.'/data/passwords.dat', ); $M{db_login} = { dbname => 'vndb', user => 'vndb_multi', password => 'vndb_multi' }; |