...
Setting | Data Type | Description | ||||||||
---|---|---|---|---|---|---|---|---|---|---|
Blesta.hash_work | integer | Work-factor for password hashing algorithms (between 4 and 31). | ||||||||
Blesta.max_failed_login_attempts | integer | The maximum number of failed login attempts to permit from a given IP per hour. | ||||||||
Blesta.auth_legacy_passwords | boolean | Set to true to enable support for legacy passwords (plain md5). Set to false for improved security. | ||||||||
Blesta.verify_csrf_token | boolean | Enable/disable automatic CSRF token verification. | ||||||||
Blesta.csrf_bypass | array | Bypasses automatic CSRF checking for a set of controllers and actions (eg. array(['client_login::index'])). CSRF checking is a security feature, BE SURE YOU KNOW WHAT YOU ARE DOING BEFORE SETTING THIS VALUE. Common Examples:
Separate exceptions with a comma. For example, if you wish to disable CSRF on the Client Login and Domain Whois pages, the route would look like this: Configure::set("Blesta.csrf_bypass", array(['client_login::index', 'config::preconfig')]); | ||||||||
Blesta.system_key | string | The value used to generate the 256-bit AES key using HMAC SHA-256.
|
...