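Password security
How Weblate stores passwords
Weblate uses Django's implementation to store hashed passwords; see How Django stores passwords.
The recommended Weblate configuration uses Argon2 with time_cost = 2, memory_cost = 102400 and parallelism = 8.
Hint
Password hashing can be customized using PASSWORD_HASHERS.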
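The following added example is not Weblate's or Django's code: it audits stored password hash strings against the Argon2 parameters recommended above, so that accounts still hashed with weaker settings or a different hasher can be found. It assumes Django's encoded format `argon2$<variant>$v=<version>$m=<mem>,t=<time>,p=<par>$<salt>$<hash>` and Django's leading "!" for unusable passwords; the function names and sample values are constructed for illustration.

```python
# Added example: audit Django-style stored password hashes against the
# Argon2 parameters recommended on this page. All sample values are constructed.
RECOMMENDED = {"t": 2, "m": 102400, "p": 8}  # time_cost, memory_cost, parallelism


def parse_argon2(encoded):
    """Return the Argon2 cost parameters of a Django-encoded hash, or None.

    None means the value is not a well-formed Argon2 hash in Django's format.
    """
    parts = encoded.split("$")
    if len(parts) != 6 or parts[0] != "argon2":
        return None
    try:
        params = dict(item.split("=", 1) for item in parts[3].split(","))
        return {key: int(params[key]) for key in RECOMMENDED}
    except (KeyError, ValueError):
        return None  # parameter field missing a key or not numeric


def audit(encoded):
    """Classify one stored value: ok, weak-params, not-argon2 or unusable."""
    if not encoded or encoded.startswith("!"):
        return "unusable"  # no local password, e.g. externally managed login
    params = parse_argon2(encoded)
    if params is None:
        return "not-argon2"  # other hasher or malformed value: review manually
    if any(params[key] < RECOMMENDED[key] for key in RECOMMENDED):
        return "weak-params"  # hashed with lower cost than recommended
    return "ok"


def report(rows):
    """Map each user name to the audit result of its stored hash."""
    return {user: audit(encoded) for user, encoded in rows.items()}


# Constructed sample rows (salt and hash fields are placeholders, not real hashes).
SAMPLES = {
    "alice": "argon2$argon2id$v=19$m=102400,t=2,p=8$c2FsdHNhbHQ$aGFzaGhhc2g",
    "bob": "argon2$argon2id$v=19$m=512,t=2,p=2$c2FsdHNhbHQ$aGFzaGhhc2g",
    "carol": "pbkdf2_sha256$260000$c2FsdHNhbHQ$aGFzaGhhc2g",
    "dave": "!constructedUnusableMarker",
}

if __name__ == "__main__":
    for user, status in report(SAMPLES).items():
        print(f"{user}: {status}")
```

Accounts reported as weak-params or not-argon2 are the ones to review after changing PASSWORD_HASHERS.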
Password validation
When a user is configuring a password, it is validated to reduce the risk of using weak passwords.
The recommended Weblate configuration verifies:
The password has to be at least 10 characters long, and at most 72 characters long.
A password similar to the username or other attributes is rejected.
A common or overly simple password is rejected.
Any password the user used recently is rejected.
Password strength is optionally checked using the zxcvbn algorithm.
Hint
Password validation can be customized using AUTH_PASSWORD_VALIDATORS.
Social or third-party authentication
Weblate does not store any passwords or enforce any password policy when social or third-party authentication is configured. The passwords are, in such a case, fully managed externally.
See also
Authentication