[interchange] Turn off UserDB ignore_case
Josh Lavin
interchange-cvs at icdevgroup.org
Mon Oct 31 21:20:43 UTC 2016
commit de456880f8ec7a60d28e4b01e667334a4cbc632e
Author: Josh Lavin <digory at cpan.org>
Date: Mon Oct 31 14:17:37 2016 -0700
Turn off UserDB ignore_case
- As this stores username/password in lowercase, it is not great for
security. Also it has the effect of preventing password changes once you
toggle it.
- If there were an option to standardize the case of usernames on login,
that would be nice. But affecting passwords as well is not what we
want here.
dist/strap/catalog.cfg | 3 +--
1 files changed, 1 insertions(+), 2 deletions(-)
---
diff --git a/dist/strap/catalog.cfg b/dist/strap/catalog.cfg
index 693891a..1e10caa 100644
--- a/dist/strap/catalog.cfg
+++ b/dist/strap/catalog.cfg
@@ -270,7 +270,7 @@ UserDB default from_plain 1
UserDB default bcrypt_pepper __BCRYPT_PEPPER__
# Set to 1 to make the username and password case-insensitive
-UserDB default ignore_case 1
+UserDB default ignore_case 0
# Change a field to something that doesn't conflict in MySQL
UserDB default time_field mod_time
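Review bot: The comment kept above the changed line, `# Set to 1 to make the username and password case-insensitive`, still only tells an administrator how to turn the option on and gives no reason for the new default of 0. Suggest extending it with the reasons given in the commit message (credentials are stored in lowercase, and password changes are prevented once the option is toggled) so the setting is not flipped back without knowing the cost.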
@@ -304,7 +304,6 @@ EOU
UserDB default logfile logs/userdb.log
# This makes the login username the user's email address
-# Uncomment to use
UserDB default indirect_login usernick
UserDB default assign_username 1
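Review bot: Removing `# Uncomment to use` in this hunk is not mentioned in the commit message, and the two directives under it (`UserDB default indirect_login usernick` and `UserDB default assign_username 1`) appear as unchanged, uncommented context, so the deleted line looks like a stale comment rather than part of the ignore_case change. Suggest noting the cleanup in the message or committing it separately. Because the remaining comment says the login username is the user's email address, it is also worth confirming how addresses typed with mixed case behave at login now that ignore_case is 0 in the same file.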