Skip to content
Permalink
Browse files Browse the repository at this point in the history
fix: [security] Require password confirmations by default
- the setting is optional, but the default should be that it's required unless disabled

- As reported by Patrix Kontura from ESET
  • Loading branch information
iglocska committed Jan 19, 2021
1 parent 95ba8d0 commit afbf95a
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions app/Config/config.default.php
Expand Up @@ -6,6 +6,7 @@
'level' => 'medium',
'salt' => '',
'cipherSeed' => '',
'require_password_confirmation' => true
//'auth'=>array('CertAuth.Certificate'), // additional authentication methods
//'auth'=>array('ShibbAuth.ApacheShibb'),
),
Expand Down

0 comments on commit afbf95a

Please sign in to comment.