manual:installation:requirements:best_practices

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Last revision Both sides next revision
manual:installation:requirements:best_practices [2021/08/10 08:57]
vmurzins [Hiding the file with list of common passwords] typo
manual:installation:requirements:best_practices [2021/08/10 09:39]
marinagen [Hiding the file with list of common passwords] some rewording
Line 185: Line 185:
 === Hiding the file with list of common passwords === === Hiding the file with list of common passwords ===
  
-If //Avoid easy-to-guess passwords// parameter is enabled in the [[manual/​web_interface/​frontend_sections/​administration/​authentication#​internal_authentication|password ​policy]], access to the file ''​ui/​data/​top_passwords.txt'' ​should be limited ​by modifying web server configuration. ​+To increase ​the complexity of password ​brute force attacksit is suggested to limit access to the file ''​ui/​data/​top_passwords.txt''​ by modifying web server configuration. This file contains a list of the most common and context-specific passwords, and is used to prevent users from setting such passwords if //Avoid easy-to-guess passwords// parameter is enabled in the password policy
  
-For example, on NGINX this can be done by using the ''​location''​ directive:+For example, on NGINX file access ​can be limited ​by using the ''​location''​ directive:
  
 <​code>​ <​code>​