Sha256: 6e39e7736270a0d43359cf899efb04a49e7261ee00739176e2e4434e2a7db780
Contents?: true
Size: 1.72 KB
Versions: 37
Compression:
Stored size: 1.72 KB
Contents
= Documentation for Disallow Password Reuse Feature The disallow password reuse feature disallows setting of a password that matches a number of previous passwords (6 by default). On databases where Rodauth supports the use of database authentication functions, Rodauth also supports the use of database functions for checking previous passwords, so previous password hashes enjoy the same database security as current password hashes. It is not recommended to use this feature unless you have a policy that requires it. This will significantly slow down setting a new password due to the need to check all of the previous stored passwords. Additionally, storing previous passwords means that if attackers can get access to the the database, they can get the previous stored passwords in addition to the current password. == Auth Value Methods password_same_as_previous_password_message :: The error message fragment to display if the given password is the same as a previous password. previous_password_account_id_column :: The column in the +previous_password_hash_table+ that stores the account id. previous_password_hash_column :: The column in the +previous_password_hash_table+ that stores the password hash. previous_password_hash_table :: The table storing previous password hashes. previous_password_id_column :: The column in the +previous_password_hash_table+ that stores the autoincrementing primary key. previous_passwords_to_check :: The number of previous password hashes to store and check. == Auth Methods add_previous_password_hash(hash) :: Add the given hash to the list of previous hashes for the current account. password_doesnt_match_previous_password?(password) :: Whether the password given matches any of the previous passwords.
Version data entries
37 entries across 37 versions & 1 rubygems