Jump to content

Manual:$wgPasswordDefault

From mediawiki.org
This page is a translated version of the page Manual:$wgPasswordDefault and the translation is 36% complete.
認証: $wgPasswordDefault
Default password type to use when hashing user passwords.
導入されたバージョン:1.24.0 (Gerrit change 77645; git #95a8974c)
除去されたバージョン:使用中
許容される値:(文字列)
既定値:'pbkdf2'

詳細

Default password type to use when hashing user passwords. A and B are considered insecure by modern standards. PBKDF2 and bcrypt are considered to be of moderate security level and Argon2 is the most secure value of currently supported options. After changing this setting, users will have their password updated to the new format on next login.

既定値の変更

  1. Check the "DefaultSettings.php" file in the ../includes directory for the available and preset password encryption types.
    (As of MW 1.33: A, B, pbkdf2-legacyA, pbkdf2-legacyB, bcrypt, pbkdf2, argon2)
  2. Add $wgPasswordDefault with the parameter to the "LocalSettings.php" file in case you want to change the encryption, e.g. to restore the old MD5 hashing:
    $wgPasswordDefault = 'B';
    
  3. In order for the password to be saved in a new format, one login from each user has to be done. This way the database is updated.
    Alternatively you can use the wrapOldPasswords.php maintenance script to convert the hashing algorithm of all passwords without waiting for users to log in. Note that this script only works for pbkdf2-legacyA, pbkdf2-legacyB.
  4. Check in the MySQL-database whether the new format has been applied to the fields.
    Select user_password from wikidbname.user where user_password like ':B:%';
    

関連項目