CTF-Cafe / CTF_Cafe_platform

A full CTF Website Server & Frontend | Extremely customizable

Password security #9

Closed ghost closed 2 years ago

ghost commented 2 years ago

The user accounts are a bit insecure. I would suggest that:

- [ ] The default admin password be randomized

I'll mark those as complete when/if they get done. Feel free to share your thoughts.

RaxoCoding commented 2 years ago

Will do this today

RaxoCoding commented 2 years ago

For the admin password, it doesn't matter; it's just a temporary account to log in. They should delete it right after setup, when they have created another account.

ghost commented 2 years ago

> For the admin password, it doesn't matter; it's just a temporary account to log in. They should delete it right after setup, when they have created another account.

Well, I feel that we should require them to do that then. See: https://en.wikipedia.org/wiki/Secure_by_default
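The two requests in this thread (a randomized setup password, and removal of the setup account being enforced rather than left to the operator) can be combined in a first-run bootstrap. The sketch below is an added example, not code from this thread or from CTF_Cafe_platform; it assumes a Node.js backend and uses an in-memory `Map` as the user store, and every function name in it is hypothetical.

```javascript
// Added example: hypothetical first-run admin bootstrap, not project code.
const crypto = require("node:crypto");

// Hash with scrypt and a per-user random salt; only salt and hash are stored.
function hashPassword(password, salt = crypto.randomBytes(16)) {
  const hash = crypto.scryptSync(password, salt, 32);
  return { salt: salt.toString("hex"), hash: hash.toString("hex") };
}

// Recompute the hash and compare in constant time.
function verifyPassword(password, stored) {
  const salt = Buffer.from(stored.salt, "hex");
  const candidate = crypto.scryptSync(password, salt, 32);
  return crypto.timingSafeEqual(candidate, Buffer.from(stored.hash, "hex"));
}

// Create the setup account only when the user store is empty.
// Returns the one-time password so the caller can display it once
// (for example on the server console), or null if users already exist.
function bootstrapAdmin(users) {
  if (users.size > 0) return null;
  // 18 bytes from the CSPRNG = 144 bits, encoded as 24 URL-safe characters.
  const password = crypto.randomBytes(18).toString("base64url");
  users.set("admin", { ...hashPassword(password), isAdmin: true, temporary: true });
  return password;
}

// Creating a permanent admin removes every temporary setup account,
// so deletion does not depend on the operator remembering to do it.
function addUser(users, name, password, isAdmin = false) {
  users.set(name, { ...hashPassword(password), isAdmin, temporary: false });
  if (isAdmin) {
    for (const [other, record] of users) {
      if (record.temporary) users.delete(other);
    }
  }
}

function login(users, name, password) {
  const user = users.get(name);
  return Boolean(user) && verifyPassword(password, user);
}
```
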

ghost commented 2 years ago

Moving to #17