manual:installation:requirements:best_practices

Differences

manual:installation:requirements:best_practices [2021/08/10 09:39]
marinagen [Hiding the file with list of common passwords] some rewording
manual:installation:requirements:best_practices [2021/08/10 09:51] (current)
vmurzins [Hiding the file with list of common passwords] added link to password policy
Line 185: Line 185:
 === Hiding the file with list of common passwords === === Hiding the file with list of common passwords ===
  
-To increase the complexity of password brute force attacks, it is suggested to limit access to the file ''​ui/​data/​top_passwords.txt''​ by modifying web server configuration. This file contains a list of the most common and context-specific passwords, and is used to prevent users from setting such passwords if //Avoid easy-to-guess passwords// parameter is enabled in the password policy. ​+To increase the complexity of password brute force attacks, it is suggested to limit access to the file ''​ui/​data/​top_passwords.txt''​ by modifying web server configuration. This file contains a list of the most common and context-specific passwords, and is used to prevent users from setting such passwords if //Avoid easy-to-guess passwords// parameter is enabled in the [[:​manual/​web_interface/​frontend_sections/​administration/​authentication#​internal_authentication|password policy]]
  
 For example, on NGINX file access can be limited by using the ''​location''​ directive: For example, on NGINX file access can be limited by using the ''​location''​ directive:
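Review bot: the rewritten sentence on the + side now ends at "password policy]]" with no terminating period, where the removed line ended with "password policy."; add the period back after the closing "]]". Since the sentence is being touched anyway, "if //Avoid easy-to-guess passwords// parameter is enabled" reads better as "if the //Avoid easy-to-guess passwords// parameter is enabled". The link target also uses slash separators after a leading colon (":manual/web_interface/...") while this page's own id is colon-separated (manual:installation:requirements:best_practices), so it is worth confirming the link and its "#internal_authentication" anchor resolve in the rendered page before merging.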