summaryrefslogtreecommitdiff
path: root/data
diff options
context:
space:
mode:
authorYorhel <git@yorhel.nl>2019-05-15 20:48:53 +0200
committerYorhel <git@yorhel.nl>2019-05-16 09:19:56 +0200
commit1cbc5107f32ec744d1834569f3885146d7282974 (patch)
treec7970b7815daf0c37db5baf6e6bb611b04759888 /data
parenta193e240f5ea41509276ede529c68642af2ec656 (diff)
Add password dictionary check
This affects the following: - API login with a weak password is disallowed, affected users will have to change their password through the website to continue using the API. - Registration, password reset or password change forms require the new password to not be in the dictionary. - Attempting to log in to the website with a weak password will force-redirect to a password change form, allowing a new password to be set (using the weak-but-still-valid password as check).
Diffstat (limited to 'data')
-rw-r--r--data/config_example.pl3
1 files changed, 3 insertions, 0 deletions
diff --git a/data/config_example.pl b/data/config_example.pl
index 4d7d04fc..dd2fb9db 100644
--- a/data/config_example.pl
+++ b/data/config_example.pl
@@ -20,6 +20,9 @@ package VNDB;
url_static => 'http://localhost:3000',
form_salt => '<some unique string>',
scrypt_salt => '<another unique string>',
+ # Uncomment if you want to test password strength against a dictionary. See
+ # lib/PWLookup.pm for instructions on how to create the database file.
+ #password_db => $ROOT.'/data/passwords.dat',
);
$M{db_login} = { dbname => 'vndb', user => 'vndb_multi', password => 'vndb_multi' };