* Deprecated since 1.33. Use PasswordNotInLargeBlacklist instead.
* - PasswordNotInLargeBlacklist - Password not in best practices list of
* 100,000 commonly used passwords. Due to the size of the list this
- * is a probabilistic test.
+ * is a probabilistic test.
*
* If you add custom checks, for Special:PasswordPolicies to display them correctly,
* every check should have a corresponding passwordpolicies-policy-<check> message,
'bureaucrat' => [
'MinimalPasswordLength' => 10,
'MinimumPasswordLengthToLogin' => 1,
- 'PasswordNotInLargeBlacklist' => true,
],
'sysop' => [
'MinimalPasswordLength' => 10,
'MinimumPasswordLengthToLogin' => 1,
- 'PasswordNotInLargeBlacklist' => true,
],
'interface-admin' => [
'MinimalPasswordLength' => 10,
'MinimumPasswordLengthToLogin' => 1,
- 'PasswordNotInLargeBlacklist' => true,
],
'bot' => [
'MinimalPasswordLength' => 10,
'MinimumPasswordLengthToLogin' => 1,
- 'PasswordNotInLargeBlacklist' => true,
],
'default' => [
'MinimalPasswordLength' => [ 'value' => 1, 'suggestChangeOnLogin' => true ],
'PasswordCannotMatchUsername' => [ 'value' => true, 'suggestChangeOnLogin' => true ],
'PasswordCannotMatchBlacklist' => [ 'value' => true, 'suggestChangeOnLogin' => true ],
'MaximalPasswordLength' => [ 'value' => 4096, 'suggestChangeOnLogin' => true ],
+ 'PasswordNotInLargeBlacklist' => [ 'value' => true, 'suggestChangeOnLogin' => true ],
],
],
'checks' => [
* which case there is a possibility of an attacker discovering the names of revdeleted users, so
* it is best to use this in conjunction with $wgSecretKey being set).
*/
-$wgCookieSetOnAutoblock = false;
+$wgCookieSetOnAutoblock = true;
/**
* Whether to set a cookie when a logged-out user is blocked. Doing so means that a blocked user,
* case there is a possibility of an attacker discovering the names of revdeleted users, so it
* is best to use this in conjunction with $wgSecretKey being set).
*/
-$wgCookieSetOnIpBlock = false;
+$wgCookieSetOnIpBlock = true;
/** @} */ # end of cookie settings }