Closed Baschdl closed 3 years ago
Not having changed /login/ yet isn't really an argument for me. We can decide together that it doesn't matter and just close this PR, but the login sites of the popular frameworks are targeted in my experience.
The login is actually under matching/login, so that should be safe.
I don't see the need for this; enforcing and encouraging safe passwords seems better than changing the default URLs in my mind. It is still only security through obscurity. It gives a false sense of security in my opinion. But if you need to have it, feel free to merge.
@maltezacharias We basically have two really safe options: preventing passwords which are too easy for a dictionary attack or using something like fail2ban. In my opinion, none of them will be implemented in the remaining time, so that's the best we can do.
Use another URL for /admin/ to make it a bit harder for script kiddies

Fixes #158