author | Lukas Reschke <lukas@statuscode.ch> | 2021-05-28 11:13:28 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-05-28 11:13:28 +0300 |
commit | fd5fa561389b1e72ddc966e6f575ddfb46072c67 (patch) | |
tree | 7023ee8f11382ac4ff72d312f7b1bcb77b719c0a /config.php.sample | |
parent | 32f5772c9fdd641ba68112dbf29074fe05758c43 (diff) |
Fix several security concerns (#1471)
* Use REMOTE_ADDR field
The other ones are not used at all. This would allow someone to spoof
the configured IP address and bypass any rate limit.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Add basic ratelimiting class
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Remove Mautic submission form
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Replace captcha with ratelimiter
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Space + tabs
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Don't check if no REDIS is defined in config
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Diffstat (limited to 'config.php.sample')
-rw-r--r-- | config.php.sample | 7 |
1 files changed, 0 insertions, 7 deletions
diff --git a/config.php.sample b/config.php.sample index c634cce5..14b7336a 100644 --- a/config.php.sample +++ b/config.php.sample @@ -8,13 +8,6 @@ define('OFFICIALAUTHORID', 1); // Enables or disables the piwik tracking code define('PIWIKTRACKING', 0); -// Recaptcha -DEFINE('RECAPTCHA_SITEKEY', ''); -DEFINE('RECAPTCHA_SECRET', ''); -define('MAUTIC_URL', 'https://mautic.nextcloud.com'); -define('MAUTIC_USERNAME', 'username'); -define('MAUTIC_PASSWORD', 'password'); - // Providers define('PROVIDERS_FILE', ABSPATH . 'preferred.json'); define('REDIS', 'tcp://127.0.0.1:6379'); |
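Review bot: The trailing context line `define('REDIS', 'tcp://127.0.0.1:6379');` stays undocumented, although the commit message says the captcha is replaced by a rate limiter and that the check is skipped when REDIS is not defined in the config. With the `RECAPTCHA_*` defines gone, an installation that omits or comments out that line appears to run with no abuse protection at all, and the sample gives no hint of that. Please add a comment above the REDIS define stating that it now backs the rate limiter and that leaving it undefined disables the check. Since the hunk also drops `RECAPTCHA_SECRET` and `MAUTIC_PASSWORD`, a line in the upgrade notes telling operators to delete those entries from their live config.php and revoke the credentials would be worth adding.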