Simplify default password policy
authorGergő Tisza <tgr.huwiki@gmail.com>
Thu, 20 Dec 2018 22:51:14 +0000 (14:51 -0800)
committerReedy <reedy@wikimedia.org>
Thu, 27 Dec 2018 20:25:40 +0000 (20:25 +0000)
* Remove PasswordNotInLargeBlacklist => false, it's a no-op
* Deduplicate PasswordCannotMatchUsername
* Remove PasswordCannotBePopular. There is no point in using both
  PasswordCannotBePopular (top 10K passwords from SecLists) and
  PasswordNotInLargeBlacklist (top 100K passwords from SecLists),
  and the CDB lookup is probably not that cheap.

Change-Id: I868846931988b88f06800e42861e82e2bb0bc427

includes/DefaultSettings.php

index b78da06..7f0f59d 100644 (file)
@@ -4500,28 +4500,21 @@ $wgPasswordPolicy = [
                'bureaucrat' => [
                        'MinimalPasswordLength' => 10,
                        'MinimumPasswordLengthToLogin' => 1,
-                       'PasswordCannotMatchUsername' => true,
-                       'PasswordCannotBePopular' => 25,
                        'PasswordNotInLargeBlacklist' => true,
                ],
                'sysop' => [
                        'MinimalPasswordLength' => 10,
                        'MinimumPasswordLengthToLogin' => 1,
-                       'PasswordCannotMatchUsername' => true,
-                       'PasswordCannotBePopular' => 25,
                        'PasswordNotInLargeBlacklist' => true,
                ],
                'interface-admin' => [
                        'MinimalPasswordLength' => 10,
                        'MinimumPasswordLengthToLogin' => 1,
-                       'PasswordCannotMatchUsername' => true,
-                       'PasswordCannotBePopular' => 25,
                        'PasswordNotInLargeBlacklist' => true,
                ],
                'bot' => [
                        'MinimalPasswordLength' => 10,
                        'MinimumPasswordLengthToLogin' => 1,
-                       'PasswordCannotMatchUsername' => true,
                        'PasswordNotInLargeBlacklist' => true,
                ],
                'default' => [
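Review bot: The username-match check for the `bureaucrat`, `sysop`, `interface-admin` and `bot` entries now depends entirely on the `'default'` entry (still `'PasswordCannotMatchUsername' => true` in the next hunk) and on the policy merge applying default settings to every group; that merge code is outside this diff. A site that overrides `$wgPasswordPolicy['policies']['default']` and drops that key would presumably lose the check for its privileged and bot accounts as well, where before each group enforced it independently. I would document the dependency above the group entries, e.g. `// PasswordCannotMatchUsername is inherited from 'default'; re-add it per group if 'default' is relaxed`. The removal of `'PasswordCannotBePopular' => 25` deserves a release-note line for the same reason: a site that turns `PasswordNotInLargeBlacklist` off for one of these groups is left with no popular-password list check for it.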
@@ -4529,7 +4522,6 @@ $wgPasswordPolicy = [
                        'PasswordCannotMatchUsername' => true,
                        'PasswordCannotMatchBlacklist' => true,
                        'MaximalPasswordLength' => 4096,
-                       'PasswordNotInLargeBlacklist' => false,
                ],
        ],
        'checks' => [