manual:installation:requirements:best_practices

Differences

This shows you the differences between two versions of the page.

manual:installation:requirements:best_practices [2021/08/10 08:57]
vmurzins [Hiding the file with list of common passwords] typo
manual:installation:requirements:best_practices [2021/08/10 09:51]
vmurzins [Hiding the file with list of common passwords] added link to password policy
Line 185: Line 185:
 === Hiding the file with list of common passwords === === Hiding the file with list of common passwords ===
  
-If //Avoid easy-to-guess passwords// parameter is enabled in the [[manual/​web_interface/​frontend_sections/​administration/​authentication#​internal_authentication|password policy]], access to the file ''​ui/​data/​top_passwords.txt''​ should be limited by modifying web server configuration+To increase the complexity of password brute force attacks, it is suggested to limit access to the file ''​ui/​data/​top_passwords.txt''​ by modifying web server configuration. This file contains a list of the most common and context-specific passwords, and is used to prevent users from setting such passwords if //Avoid easy-to-guess passwords// parameter is enabled in the [[:manual/​web_interface/​frontend_sections/​administration/​authentication#​internal_authentication|password policy]]. ​
  
-For example, on NGINX this can be done by using the ''​location''​ directive:+For example, on NGINX file access ​can be limited ​by using the ''​location''​ directive:
  
 <​code>​ <​code>​
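Review bot: In the rewritten first paragraph, the condition on //Avoid easy-to-guess passwords// moved from the recommendation to the description of the file, so the text no longer says whether access should be limited when that parameter is disabled. State the intended scope explicitly, either by keeping the recommendation conditional as in the removed line or by saying that it applies regardless of the password policy setting. The opening clause "To increase the complexity of password brute force attacks" also states the goal without the reason; since the file is what the frontend uses to reject passwords, one sentence saying that a readable copy shows which passwords are rejected would make the rationale clear. Minor wording: "if //Avoid easy-to-guess passwords// parameter is enabled" needs an article ("if the ... parameter"), "it is suggested to limit access" reads better as a direct recommendation, and in the second changed line "on NGINX file access can be limited" needs a comma after "NGINX" so it does not read as "NGINX file access".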