From: Gergő Tisza Date: Thu, 20 Dec 2018 22:51:14 +0000 (-0800) Subject: Simplify default password policy X-Git-Tag: 1.34.0-rc.0~3184 X-Git-Url: https://git.heureux-cyclage.org/?p=lhc%2Fweb%2Fwiklou.git;a=commitdiff_plain;h=a183aee89e506183323b905153b302d54cd34d49;hp=eb741da7a18c7f52dc2e2b55c4f34e69362b5c7f Simplify default password policy * Remove PasswordNotInLargeBlacklist => false, it's a no-op * Deduplicate PasswordCannotMatchUsername * Remove PasswordCannotBePopular. There is no point in using both PasswordCannotBePopular (top 10K passwords from SecLists) and PasswordNotInLargeBlacklist (top 100K passwords from SecLists), and the CDB lookup is probably not that cheap. Change-Id: I868846931988b88f06800e42861e82e2bb0bc427
---
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index b78da06381..7f0f59d5ca 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -4500,28 +4500,21 @@ $wgPasswordPolicy = [
 'bureaucrat' => [
 'MinimalPasswordLength' => 10,
 'MinimumPasswordLengthToLogin' => 1,
- 'PasswordCannotMatchUsername' => true,
- 'PasswordCannotBePopular' => 25,
 'PasswordNotInLargeBlacklist' => true,
 ],
 'sysop' => [
 'MinimalPasswordLength' => 10,
 'MinimumPasswordLengthToLogin' => 1,
- 'PasswordCannotMatchUsername' => true,
- 'PasswordCannotBePopular' => 25,
 'PasswordNotInLargeBlacklist' => true,
 ],
 'interface-admin' => [
 'MinimalPasswordLength' => 10,
 'MinimumPasswordLengthToLogin' => 1,
- 'PasswordCannotMatchUsername' => true,
- 'PasswordCannotBePopular' => 25,
 'PasswordNotInLargeBlacklist' => true,
 ],
 'bot' => [
 'MinimalPasswordLength' => 10,
 'MinimumPasswordLengthToLogin' => 1,
- 'PasswordCannotMatchUsername' => true,
 'PasswordNotInLargeBlacklist' => true,
 ],
 'default' => [
@@ -4529,7 +4522,6 @@ $wgPasswordPolicy = [
 'PasswordCannotMatchUsername' => true,
 'PasswordCannotMatchBlacklist' => true,
 'MaximalPasswordLength' => 4096,
- 'PasswordNotInLargeBlacklist' => false,
 ],
 ],
 'checks' => [
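Review bot: After the first hunk the 'bureaucrat', 'sysop', 'interface-admin' and 'bot' entries no longer state `'PasswordCannotMatchUsername' => true` themselves and depend entirely on the 'default' entry (visible as context in the second hunk) for that check. That is safe only if the effective policy is the strictest value across 'default' and the user's groups, which is presumably what the merge code does but is not shown in this diff; a site that relaxes 'default' in its local settings would now relax the check for privileged accounts as well. A short comment above the group entries would record the dependency, for example `// PasswordCannotMatchUsername is inherited from 'default'; restate it here if 'default' is ever relaxed.` Dropping `'PasswordCannotBePopular' => 25` likewise assumes every entry of the popular list is also in the large blacklist, which the commit message implies but the diff does not demonstrate, so a test pinning that would be worth adding. The `$wgPasswordPolicy` array starts and ends outside both hunks.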