...
| Setting | Data Type | Description | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Blesta.hash_work | integer | Work-factor for password hashing algorithms (between 4 and 31). | ||||||||
| Blesta.max_failed_login_attempts | integer | The maximum number of failed login attempts to permit from a given IP per hour. | ||||||||
| Blesta.auth_legacy_passwords | boolean | Set to true to enable support for legacy passwords (plain md5). Set to false for improved security. | ||||||||
| Blesta.verify_csrf_token | boolean | Enable/disable automatic CSRF token verification. | ||||||||
| Blesta.csrf_bypass | array | Bypasses automatic CSRF checking for a set of controllers and actions (eg. array('client_login::index')). CSRF checking is a security feature, BE SURE YOU KNOW WHAT YOU ARE DOING BEFORE SETTING THIS VALUE. Common Examples:
Separate exceptions with a comma. For example, if you wish to disable CSRF on the Client Login and Domain Whois pages, the route would look like this: Configure::set("Blesta.csrf_bypass", array('client_login::index', 'config::preconfig')); | ||||||||
| Blesta.system_key | string | The value used to generate the 256-bit AES key using HMAC SHA-256. NEVER MODIFY THIS VALUE OR ALL ENCRYPTED DATA WILL BE LOST! |
...