Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improved Login Security #2731

Merged
merged 1 commit into from
Nov 4, 2024
Merged

Improved Login Security #2731

merged 1 commit into from
Nov 4, 2024

Conversation

pglombardo
Copy link
Owner

@pglombardo pglombardo commented Nov 4, 2024
edited
Loading

Description

This PR improves login security by:

  1. "Remember me" only remembers 1 week
  2. New login password length increased to 10 to 128 characters (previously 6 to 128)
  3. Login sessions now expire after 2 hours of activity

Being a security product dealing with sensitive information, these changes are appropriate.

Related Issue

Type of Change

  • 📚 Examples / docs / tutorials / dependencies update
  • 🔧 Bug fix (non-breaking change which fixes an issue)
  • 🥂 Improvement (non-breaking change which improves an existing feature)
  • 🚀 New feature (non-breaking change which adds functionality)
  • 💥 Breaking change (fix or feature that would cause existing functionality to change)
  • 🔐 Security fix

Checklist

  • I've written tests (if applicable) for all new methods and classes that I created. (rake test)
  • I've added documentation as necessary so users can easily use and understand this feature/fix.

@pglombardo pglombardo merged commit 00152c6 into master Nov 4, 2024
6 checks passed
@pglombardo pglombardo deleted the login-security branch November 4, 2024 18:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
security
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@pglombardo