| Setting | Data Type | Description |
| --- | --- | --- |
| Blesta.hash_work | integer | Work-factor for password hashing algorithms (between 4 and 31). |
| Blesta.max_failed_login_attempts | integer | The maximum number of failed login attempts to permit from a given IP per hour. |
| Blesta.auth_legacy_passwords | boolean | Set to true to enable support for legacy passwords (plain md5). Set to false for improved security. |
| Blesta.verify_csrf_token | boolean | Enable/disable automatic CSRF token verification. |
| Blesta.csrf_bypass | array | Bypasses automatic CSRF checking for a set of controllers and actions (eg. array(['client_login::index'])). CSRF checking is a security feature, BE SURE YOU KNOW WHAT YOU ARE DOING BEFORE SETTING THIS VALUE. Common examples are listed below. |
| Blesta.system_key | string | The value used to generate the 256-bit AES key using HMAC SHA-256. Warning: NEVER MODIFY THIS VALUE OR ALL ENCRYPTED DATA WILL BE LOST! |

Common Examples (Blesta.csrf_bypass):

| Location | Route Configuration |
| --- | --- |
| Client Login (~/client/login/) | Configure::set("Blesta.csrf_bypass", array(['client_login::index'])); |
| Domain Whois (~/order/config/preconfig...) | Configure::set("Blesta.csrf_bypass", array(['config::preconfig'])); |
| Registration (~/order/signup/index/...) | Configure::set("Blesta.csrf_bypass", array(['signup::index'])); |

Separate exceptions with a comma. For example, if you wish to disable CSRF on the Client Login and Domain Whois pages, the route would look like this: Configure::set("Blesta.csrf_bypass", array(['client_login::index', 'config::preconfig']));
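
A configuration audit for the security settings documented above, added here as an example and not part of the Blesta documentation or code base: it scans config text for Configure::set lines and reports legacy md5 support, disabled CSRF verification, every CSRF bypass route and a low or out-of-range work factor. The audit function, the sample config and the MIN_WORK baseline of 12 are assumptions of this example.

```python
import re

# Matches one setting per line: Configure::set("Blesta.<name>", <value>);
SETTING = re.compile(r"""Configure::set\(\s*["']Blesta\.(\w+)["']\s*,\s*(.+)\)\s*;""")
ROUTE = re.compile(r"""["'](\w+::\w+)["']""")
MIN_WORK = 12  # assumed baseline for this example; the page only gives the 4-31 range


def audit(config_text):
    """Return a list of (setting, finding) tuples for the security settings above."""
    findings = []
    seen = {}
    for line in config_text.splitlines():
        line = line.strip()
        if line.startswith(("//", "#", "*", "/*")):
            continue  # skip commented-out settings
        m = SETTING.search(line)
        if m:
            seen[m.group(1)] = m.group(2).strip()  # last assignment wins

    work = seen.get("hash_work")
    if work is not None:
        if not work.isdigit() or not 4 <= int(work) <= 31:
            findings.append(("hash_work", "outside the documented range 4-31: " + work))
        elif int(work) < MIN_WORK:
            findings.append(("hash_work", "below assumed baseline %d: %s" % (MIN_WORK, work)))
    if seen.get("auth_legacy_passwords", "").lower() == "true":
        findings.append(("auth_legacy_passwords", "plain md5 legacy passwords are accepted"))
    if seen.get("verify_csrf_token", "").lower() == "false":
        findings.append(("verify_csrf_token", "automatic CSRF verification is disabled"))
    for route in ROUTE.findall(seen.get("csrf_bypass", "")):
        findings.append(("csrf_bypass", "CSRF check bypassed for " + route))
    return findings


# Constructed sample config, not taken from a real installation.
SAMPLE = """
Configure::set("Blesta.hash_work", 8);
Configure::set("Blesta.max_failed_login_attempts", 10);
Configure::set("Blesta.auth_legacy_passwords", true);
// Configure::set("Blesta.verify_csrf_token", false);
Configure::set("Blesta.verify_csrf_token", true);
Configure::set("Blesta.csrf_bypass", array(['client_login::index', 'config::preconfig']));
"""

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print("%-24s %s" % (name, finding))
```

Each bypass route is reported separately so that every exception to CSRF checking can be reviewed and justified on its own.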

