security: limit the maximum password length to 72 characters to prevent possible server side resource consumption attack.
- bcrypt heavy computation can lead to DOS using a very long password, e.g. 10**8 length.
- we allowed this on registration or on password update

File last commit:

r1:854a839a default
r2128:f22a9ea9 default
/ docs / admin / sec-instance-basics.rst

3 Basic User Security Steps

By implementing the following user configuration tasks, you will help to secure your |RCE| instances.

Define the Instance Wide Default User

The default user settings are applied across the whole instance. You should define the default user so that newly created users immediately have permission settings attached to their profile. For more information about defining the default user settings, see the :ref:`default-perms` section.

Configure Specific User Groups

Defining user groups allows you to put users into them and have the group permissions applied to their profiles. For more information about defining the default user settings, see the :ref:`user-admin-set` section.

Define the Default User in Each Group

Apart from the system-wide user permissions, each user group can apply its settings to the default user permissions within the scope of the group. To set the default user's permissions inside a user group, see the :ref:`permissions-info-repo-group-access` section.