Mercurial > p > roundup > code
diff doc/upgrading.txt @ 6684:9ca5cbffa0c4
Switch off using blank passwords for login
There is now a config.ini setting [web] login_empty_passwords to
enable logins for users without a password set. By default it's off
and every user must have a password.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Mon, 23 May 2022 17:31:50 -0400 |
| parents | 120b0bb05b6e |
| children | f1f2d59dab8b |
line wrap: on
line diff
--- a/doc/upgrading.txt Sun May 22 20:36:36 2022 -0400 +++ b/doc/upgrading.txt Mon May 23 17:31:50 2022 -0400 @@ -69,6 +69,15 @@ reindex`` if you want to index or search for longer words in your full text searches. Re-indexing make take some time. +Check new login_empty_passwords setting +--------------------------------------- + +In this version of Roundup, users with a blank password are not +allowed to login. Blank passwords have been allowed since 2002, but +2022 is a different time. If you have a use case that requires a user +to login without a password, set the ``login_empty_passwords`` setting +in the ``web`` section of ``config.ini`` to ``yes``. + Check compression settings (optional) -------------------------------------