-
Current versions of Symphony create a lot of useless session rows in the database when XSRF protection is active and entries are posted in the backend. Session data look like:
```
sym-|a:1:{s:10:"xsr…
```
-
Should probably be a string as atoms can be easily fetched with `current_atom/1`
-
It's visible in issue #365 that CPU usage can be quite high with some password hashing algorithms involved in user auth validation. Given that such use cases generally see the same login+password repe…
-
Some users may forget their username, so username recovery based on their email would be a welcome feature
-
We found insecure configuration issues with OpenSSH on {devices}. To improve the security posture of your node, please consider making the following changes: {changes}
part of #198
-
# Fail2Ban setup
- [ ] [~Wordpress jail setup~](https://www.digitalocean.com/community/tutorials/how-to-protect-wordpress-with-fail2ban-on-ubuntu-14-04)
- [x] Secure wp-login page:
- [Guide 1…
-
The `isThrottled` method (in `localAuthentication::login`) should be called earlier, just after selecting the user from the database. The current implementation creates a vulnerability.
Vulnerability scenario, where a…
-
- [x] Setup basic passphrase based authentication when sending pastes over HTTPS
- [x] Consider using HTTP headers for passing the passphrase, `X-Auth-Passphrase`
- [x] Use environment variables, do…
-
I have got a moderately sized password database with around 200 entries. For security, it uses 10 million key transformation rounds. Keepass2Android can open this database in 15 seconds on a Motorola …
-