self-hosted/Mailu
1
0
Fork 0
mirror of https://github.com/Mailu/Mailu.git synced 2025-09-16 09:06:32 +02:00
Code Issues Releases Activity

Improve the description of CREDENTIAL_ROUNDS

Browse Source
This commit is contained in:
Florent Daigniere
2021-02-09 09:33:37 +01:00
parent df230cb482
commit 20d2b621aa
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/configuration.rst
View File

@@ -138,7 +138,7 @@ Depending on your particular deployment you most probably will want to change th
Advanced settings
-----------------
The ``CREDENTIAL_ROUNDS`` (default: 12) is the number of rounds used by the password hashing scheme. You should use the default value.
The ``CREDENTIAL_ROUNDS`` (default: 12) setting is the number of rounds used by the password hashing scheme. The number of rounds can be reduced in case faster authentication is needed or increased when additional protection is desired. Keep in mind that this is a mitigation against offline attacks on password hashes, aiming to prevent credential stuffing (due to password re-use) on other systems.
The ``SESSION_COOKIE_SECURE`` (default: True) setting controls the secure flag on the cookies of the administrative interface. It should only be turned off if you intend to access it over plain HTTP.