gPass/server/conf.php

88 lines
2.8 KiB
PHP
Raw Permalink Normal View History

<?php
/*
2017-07-19 19:12:56 +02:00
Copyright (C) 2013-2017 Grégory Soutadé
This file is part of gPass.
gPass is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
gPass is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with gPass. If not, see <http://www.gnu.org/licenses/>.
*/
/*
User interface display or not ciphered passwords. Set to false avoid database leakage by user interface (but not by raw HTTP request).
*/
$VIEW_CIPHERED_PASSWORDS=true;
/*
Allows user creation
*/
$ADMIN_MODE=true;
/*
2017-04-17 20:37:26 +02:00
Number of iterations for PBKDF2 algorithm.
Minimum recommended level is 1000, but you can increase
this value to have a better security (need more computation
power).
!! Warning !! This impact master keys. So if you change
this value with existings masterkeys, they will unusable !
*/
2017-04-17 20:37:26 +02:00
$PBKDF2_LEVEL=1000;
2015-02-09 18:57:49 +01:00
/*
This is a security feature : It protects from database dump
and database purge without authentication.
When get all entries, instead of returning logins/passwords,
it returns "shadow logins". These are random values.
Shadow logins must be encrypted using masterkey and salt
2017-04-17 20:37:26 +02:00
(to generate a unique PBKDF2 derivation) that result in an access tokens.
2015-02-09 18:57:49 +01:00
With this access token, user has the right to get
encrypted login/password values and remove them.
2017-07-19 19:12:56 +02:00
It's a kind of challenge but requires more cpu bandwidth
(one derivation + two decryption for each password !).
2015-02-09 18:57:49 +01:00
This option is backward compatible with old version < 0.6
2015-02-09 18:57:49 +01:00
*/
2017-04-17 20:37:26 +02:00
$USE_SHADOW_LOGINS=1;
/*
Protection against DDoS.
2017-07-19 19:12:56 +02:00
Each request can contains multiple password combinations
(to support wildcards for example) and multiple names.
Currently only two passwords are sent from addon :
www.example.com
*.example.com
But, on future we may also consider 'www.example.*', '*.example.*' and lower case username.
2017-07-19 19:12:56 +02:00
For maximum security, you can set it to 2 or 4 if you want to be backward compatible
with addons/extions <= 0.7.
*/
$MAX_PASSWORDS_PER_REQUEST=10;
/*
Protection against brute force.
Minimum delay (in milliseconds) between two requests.
*/
$REQUESTS_MIN_DELAY=1000;
/*
Clear master keys and reset passwords after 15 minutes of inactivity
*/
$CLEAR_TIME=15*60*1000;
/*
The first crypto schema use an AES-ECB process to encrypt logins.
It's used until version 0.7.
Since version 0.8, we use AES-CBC + SHA256.
*/
$CRYPTO_V1_COMPATIBLE=1;
?>