Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/doc/security
diff options
context:
space:
mode:
authorGitLab Bot <gitlab-bot@gitlab.com>2020-08-20 21:42:06 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2020-08-20 21:42:06 +0300
commit6e4e1050d9dba2b7b2523fdd1768823ab85feef4 (patch)
tree78be5963ec075d80116a932011d695dd33910b4e /doc/security
parent1ce776de4ae122aba3f349c02c17cebeaa8ecf07 (diff)
Add latest changes from gitlab-org/gitlab@13-3-stable-ee
Diffstat (limited to 'doc/security')
-rw-r--r--doc/security/README.md1
-rw-r--r--doc/security/cicd_environment_variables.md4
-rw-r--r--doc/security/passwords_for_integrated_authentication_methods.md14
-rw-r--r--doc/security/ssh_keys_restrictions.md3
-rw-r--r--doc/security/two_factor_authentication.md8
-rw-r--r--doc/security/user_email_confirmation.md3
-rw-r--r--doc/security/user_file_uploads.md5
-rw-r--r--doc/security/webhooks.md2
8 files changed, 35 insertions, 5 deletions
diff --git a/doc/security/README.md b/doc/security/README.md
index e2375c0f0b5..bbc7db54b14 100644
--- a/doc/security/README.md
+++ b/doc/security/README.md
@@ -7,6 +7,7 @@ type: index
- [Password storage](password_storage.md)
- [Password length limits](password_length_limits.md)
+- [Generated passwords for users created through integrated authentication](passwords_for_integrated_authentication_methods.md)
- [Restrict SSH key technologies and minimum length](ssh_keys_restrictions.md)
- [Rate limits](rate_limits.md)
- [Webhooks and insecure internal web services](webhooks.md)
diff --git a/doc/security/cicd_environment_variables.md b/doc/security/cicd_environment_variables.md
index ea597ea05f2..b8fe14e2d3b 100644
--- a/doc/security/cicd_environment_variables.md
+++ b/doc/security/cicd_environment_variables.md
@@ -1,5 +1,7 @@
---
-type: reference
+stage: Release
+group: Release Management
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
---
# CI/CD Environment Variables
diff --git a/doc/security/passwords_for_integrated_authentication_methods.md b/doc/security/passwords_for_integrated_authentication_methods.md
new file mode 100644
index 00000000000..704af49b2d2
--- /dev/null
+++ b/doc/security/passwords_for_integrated_authentication_methods.md
@@ -0,0 +1,14 @@
+---
+type: reference
+---
+
+# Generated passwords for users created through integrated authentication
+
+GitLab allows users to set up accounts through integration with external [authentication and authorization providers](../administration/auth/README.md).
+
+These authentication methods do not require the user to explicitly create a password for their accounts.
+However, to maintain data consistency, GitLab requires passwords for all user accounts.
+
+For such accounts, we use the [`friendly_token`](https://github.com/heartcombo/devise/blob/f26e05c20079c9acded3c0ee16da0df435a28997/lib/devise.rb#L492) method provided by the Devise gem to generate a random, unique and secure password and sets it as the account password during sign up.
+
+The length of the generated password is the set based on the value of [maximum password length](password_length_limits.md#modify-maximum-password-length-using-configuration-file) as set in the Devise configuation. The default value is 128 characters.
diff --git a/doc/security/ssh_keys_restrictions.md b/doc/security/ssh_keys_restrictions.md
index 47eccf665d3..903a28136ad 100644
--- a/doc/security/ssh_keys_restrictions.md
+++ b/doc/security/ssh_keys_restrictions.md
@@ -1,5 +1,8 @@
---
type: reference, howto
+stage: Manage
+group: Access
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
---
# Restrict allowed SSH key technologies and minimum length
diff --git a/doc/security/two_factor_authentication.md b/doc/security/two_factor_authentication.md
index 886154aac6d..9d49e1d3af2 100644
--- a/doc/security/two_factor_authentication.md
+++ b/doc/security/two_factor_authentication.md
@@ -1,5 +1,8 @@
---
type: howto
+stage: Manage
+group: Access
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
---
# Enforce Two-factor Authentication (2FA)
@@ -36,8 +39,9 @@ period to `0`.
If you want to enforce 2FA only for certain groups, you can:
-1. Enable it in the group's **Settings > General** page.
-1. Optionally specify a grace period as above.
+1. Enable it in the group's **Settings > General** page. Navigate to **Permissions, LFS, 2FA > Two-factor authentication**.
+You can then check the **Require all users in this group to setup Two-factor authentication** option.
+1. You can also specify a grace period in the **Time before enforced** option.
To change this setting, you need to be administrator or owner of the group.
diff --git a/doc/security/user_email_confirmation.md b/doc/security/user_email_confirmation.md
index a493b374d66..6260c76bff9 100644
--- a/doc/security/user_email_confirmation.md
+++ b/doc/security/user_email_confirmation.md
@@ -1,5 +1,8 @@
---
type: howto
+stage: Manage
+group: Access
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
---
# User email confirmation at sign-up
diff --git a/doc/security/user_file_uploads.md b/doc/security/user_file_uploads.md
index 9fc8f7ec985..662e115d1ed 100644
--- a/doc/security/user_file_uploads.md
+++ b/doc/security/user_file_uploads.md
@@ -1,5 +1,8 @@
---
type: reference
+stage: Manage
+group: Access
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
---
# User File Uploads
@@ -15,7 +18,7 @@ notification emails, which are often read from email clients that are not
authenticated with GitLab, such as Outlook, Apple Mail, or the Mail app on your
mobile device.
->**Note:**
+NOTE: **Note:**
Non-image attachments do require authentication to be viewed.
<!-- ## Troubleshooting
diff --git a/doc/security/webhooks.md b/doc/security/webhooks.md
index af9be499e80..3d7aa3026ab 100644
--- a/doc/security/webhooks.md
+++ b/doc/security/webhooks.md
@@ -5,7 +5,7 @@ type: concepts, reference, howto
# Webhooks and insecure internal web services
NOTE: **Note:**
-On GitLab.com the [maximum number of webhooks](../user/gitlab_com/index.md#maximum-number-of-webhooks) per project is limited.
+On GitLab.com, the [maximum number of webhooks and their size](../user/gitlab_com/index.md#webhooks) per project, and per group, is limited.
If you have non-GitLab web services running on your GitLab server or within its
local network, these may be vulnerable to exploitation via Webhooks.
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-11 22:42:04 +0300