mirror/opencloud
1
0
Fork 0
mirror of https://github.com/opencloud-eu/opencloud.git synced 2026-05-01 08:20:02 -05:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #7485 from owncloud/mmattel-patch-1

Browse Source 
[docs-only] Update frontend service README.md
This commit is contained in:
Martin
2023-10-13 12:28:19 +02:00
committed by GitHub
parent 445abc09f4 55c9a95eea
commit c9ca9a6dcd
1 changed files with 12 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files
services/frontend/README.md
+12 -10
View File
@@ -66,25 +66,27 @@ When setting the `FRONTEND_AUTO_ACCEPT_SHARES` to `true`, all incoming shares wi
## The password policy
Note that the password policy currently impacts _only_ public link password validation.
Note that the password policy currently impacts only **public link password validation**.
With the password policy, mandatory criteria for the password can be defined via the environment variables listed below.
Generally, a password can contain any UTF-8 characters, however some characters are regarded as special since they are not used in ordinary texts. Which characters should be treated as special is defined by "The OWASP® Foundation" [password-special-characters](https://owasp.org/www-community/password-special-characters) (between double quotes): " !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~"
Note that a password can have a maximum length of **72 bytes**. Depending on the alphabet used, a character is encoded by 1 to 4 bytes, defining the maximum length of a password indirectly. While US-ASCII will only need one byte, Latin alphabets and also Greek or Cyrillic ones need two bytes. Three bytes are needed for characters in Chinese, Japanese and Korean etc.
The validation against the banned passwords list can be configured via a text file with words separated by new lines. If a user tries to set a password listed in the banned passwords list, the password can not be used (is invalid) even if the other mandatory criteria are passed. The admin can define the path of the banned passwords list file. If the file doesn't exist in a location, Infinite Scale tries to load a file from the `OCIS_CONFIG_DIR/FRONTEND_PASSWORD_POLICY_BANNED_PASSWORDS_LIST`. An option will be enabled when the file has been loaded successfully.
- `FRONTEND_PASSWORD_POLICY_MIN_CHARACTERS`
Following environment variables can be set to define the password policy behaviour:
- `FRONTEND_PASSWORD_POLICY_MIN_CHARACTERS`
Define the minimum password length.
- `FRONTEND_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS`
- `FRONTEND_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS`
Define the minimum number of uppercase letters.
- `FRONTEND_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS`
- `FRONTEND_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS`
Define the minimum number of lowercase letters.
- `FRONTEND_PASSWORD_POLICY_MIN_DIGITS`
- `FRONTEND_PASSWORD_POLICY_MIN_DIGITS`
Define the minimum number of digits.
- `FRONTEND_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS`
- `FRONTEND_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS`
Define the minimum number of special characters.
- `FRONTEND_PASSWORD_POLICY_BANNED_PASSWORDS_LIST`
Define the path to the banned password list file.
- `FRONTEND_PASSWORD_POLICY_BANNED_PASSWORDS_LIST`
Path to the 'banned passwords list' file.
Note that a password can have a maximum length of **72 bytes**. Depending on the alphabet used, a character is encoded by 1 to 4 bytes, defining the maximum length of a password indirectly. While US-ASCII will only need one byte, Latin alphabets and also Greek or Cyrillic ones need two bytes. Three bytes are needed for characters in Chinese, Japanese and Korean etc.