Add support for blacklisting common passwords
author Brian Wolff <bawolff+wn@gmail.com>
Sun, 22 Nov 2015 07:45:02 +0000 (02:45 -0500)
committer Brian Wolff <bawolff+wn@gmail.com>
Wed, 25 Nov 2015 22:02:33 +0000 (17:02 -0500)
commit 2d15dcfc3f4bf81552b378ce5003661c1681b38c
tree b5c0ec512e31c9967c063df576018ec5e5268e6d
parent 179009b69eb46499ddd6cb1acced8ad8b4f9c2fd
Add support for blacklisting common passwords

This changes the default config to not allow the top 25 passwords
to be used by Sysop/Crats. This should almost certainly be set to
a higher number, but I think it's best to wait until after this is
committed to argue over what the best value is.

I would expect that once this is committed, there would be a config
change for wmf wikis, so that there is no change until this has
been discussed with the community.

The included common password file was generated from the first
10000 entries of
https://github.com/danielmiessler/SecLists/blob/master/Passwords/rockyou.txt?raw=true
10,000 was chosen based on csteipp's suggestion.

Change-Id: I26a9e8f2318a1eed33d7638b125695e8de3a9796
includes/DefaultSettings.php
includes/password/PasswordPolicyChecks.php
languages/i18n/en.json
languages/i18n/qqq.json
maintenance/createCommonPasswordCdb.php [new file with mode: 0644]
serialized/commonpasswords.cdb [new file with mode: 0644]