Have you considered the OWASP recommendations for password storage? #9

Open
ptaoussanis opened this issue Mar 20, 2024 · 1 comment
@ptaoussanis

Moving a question from @ieugen below:


A different question (maybe another issue?).
Have you considered the OWASP recommendations for password storage?
Would it make sense to have an opinionated module that users can use and get Tempel with pre-configured options following OWASP recommendations?

I know some people who do compliance find these certifications / recommendations very important.
I know they change over time so adding the year in the name would make it easy to check and switch: `:owasp-2024-xxx`.

https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#maximum-password-lengths

@ptaoussanis

Tempel can already meet the linked OWASP recommendations, would just need to document how users can do that.

If there's interest, I'm happy to add this to the next wiki docs update 👍
