author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-11-19 11:27:35 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-11-19 11:27:35 +0300 |
commit | 7e9c479f7de77702622631cff2628a9c8dcbc627 (patch) | |
tree | c8f718a08e110ad7e1894510980d2155a6549197 /doc/security | |
parent | e852b0ae16db4052c1c567d9efa4facc81146e88 (diff) |
Add latest changes from gitlab-org/gitlab@13-6-stable-ee
v13.6.0-rc42
Diffstat (limited to 'doc/security')
-rw-r--r-- | doc/security/README.md | 3 |
-rw-r--r-- | doc/security/asset_proxy.md | 6 |
-rw-r--r-- | doc/security/crime_vulnerability.md | 3 |
-rw-r--r-- | doc/security/information_exclusivity.md | 3 |
-rw-r--r-- | doc/security/password_length_limits.md | 47 |
-rw-r--r-- | doc/security/password_storage.md | 3 |
-rw-r--r-- | doc/security/passwords_for_integrated_authentication_methods.md | 3 |
-rw-r--r-- | doc/security/project_import_decompressed_archive_size_limits.md | 3 |
-rw-r--r-- | doc/security/rack_attack.md | 3 |
-rw-r--r-- | doc/security/rate_limits.md | 3 |
-rw-r--r-- | doc/security/reset_user_password.md | 10 |
-rw-r--r-- | doc/security/two_factor_authentication.md | 22 |
-rw-r--r-- | doc/security/unlock_user.md | 3 |
-rw-r--r-- | doc/security/webhooks.md | 3 |
14 files changed, 80 insertions, 35 deletions
diff --git a/doc/security/README.md b/doc/security/README.md index f8b9e423c04..a8947ef3de9 100644 --- a/doc/security/README.md +++ b/doc/security/README.md @@ -1,4 +1,7 @@ --- +stage: none +group: unassigned +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers comments: false type: index --- diff --git a/doc/security/asset_proxy.md b/doc/security/asset_proxy.md index fdceecdf386..7eb6d5067e2 100644 --- a/doc/security/asset_proxy.md +++ b/doc/security/asset_proxy.md @@ -1,3 +1,9 @@ +--- +stage: none +group: unassigned +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers +--- + # Proxying assets A possible security concern when managing a public facing GitLab instance is diff --git a/doc/security/crime_vulnerability.md b/doc/security/crime_vulnerability.md index 2496029d93e..4571f0051d8 100644 --- a/doc/security/crime_vulnerability.md +++ b/doc/security/crime_vulnerability.md @@ -1,4 +1,7 @@ --- +stage: none +group: unassigned +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers type: reference --- diff --git a/doc/security/information_exclusivity.md b/doc/security/information_exclusivity.md index 7c3d7284f25..a8c4a4e878e 100644 --- a/doc/security/information_exclusivity.md +++ b/doc/security/information_exclusivity.md @@ -1,4 +1,7 @@ --- +stage: none +group: unassigned +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers type: concepts --- 
diff --git a/doc/security/password_length_limits.md b/doc/security/password_length_limits.md index 5354fe30082..b8d329ab342 100644 --- a/doc/security/password_length_limits.md +++ b/doc/security/password_length_limits.md @@ -1,4 +1,7 @@ --- +stage: none +group: unassigned +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers type: reference, howto --- 
@@ -11,11 +14,31 @@ By default, GitLab supports passwords with: GitLab administrators can modify password lengths: -- Using configuration file. -- [From](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/20661) GitLab 12.6, using the GitLab UI. +- Using the GitLab UI. **[From](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/20661) GitLab 12.6 this is the only available option.** +- Using configuration file. **Up to GitLab 12.5**. + +Changing the minimum or maximum length does not affect existing user passwords. Existing users are +not asked to reset their password to adhere to the new limits. The new limit restriction applies +only during new user sign-ups and when an existing user performs a password reset. + +## Modify minimum password length using GitLab UI + +> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/20661) in GitLab 12.6 + +The user password length is set to a minimum of 8 characters by default. + +To change the minimum password length using GitLab UI: + +1. Go to **Admin Area > Settings**, then select **Sign-up restrictions**. + + ![Minimum password length settings](../user/admin_area/img/minimum_password_length_settings_v12_6.png) + +1. Input a **Minimum password length** value greater than or equal to 8, then select **Save changes**. ## Modify maximum password length using configuration file +From GitLab 12.6, the minimum password length set in this configuration file is ignored. Minimum password lengths must instead be modified via the [GitLab UI](#modify-minimum-password-length-using-gitlab-ui). + The user password length is set to a maximum of 128 characters by default. To change that for installations from source: 
@@ -39,26 +62,6 @@ To change that for installations from source: 1. [Restart GitLab](../administration/restart_gitlab.md#installations-from-source) for the changes to take effect. -NOTE: **Note:** -From GitLab 12.6, the minimum password length set in this configuration file will be ignored. Minimum password lengths will now have to be modified via the [GitLab UI](#modify-minimum-password-length-using-gitlab-ui) instead. - -## Modify minimum password length using GitLab UI - -> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/20661) in GitLab 12.6 - -The user password length is set to a minimum of 8 characters by default. -To change that using GitLab UI: - -In **Admin Area > Settings** (`/admin/application_settings/general`), go to the section **Sign-up restrictions**. - -[Minimum password length settings](../user/admin_area/img/minimum_password_length_settings_v12_6.png) - -Set the **Minimum password length** to a value greater than or equal to 8 and hit **Save changes** to save the changes. - -CAUTION: **Caution:** -Changing minimum or maximum limit does not affect existing user passwords in any manner. Existing users will not be asked to reset their password to adhere to the new limits. -The new limit restriction will only apply during new user sign-ups and when an existing user performs a password reset. - <!-- ## Troubleshooting Include any troubleshooting steps that you can foresee. If you know beforehand what issues diff --git a/doc/security/password_storage.md b/doc/security/password_storage.md index 96487a75d8d..ca4d350dc06 100644 --- a/doc/security/password_storage.md +++ b/doc/security/password_storage.md @@ -1,4 +1,7 @@ --- +stage: none +group: unassigned +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers type: reference --- 
diff --git a/doc/security/passwords_for_integrated_authentication_methods.md b/doc/security/passwords_for_integrated_authentication_methods.md index f2597ef1578..4872f26a0ad 100644 --- a/doc/security/passwords_for_integrated_authentication_methods.md +++ b/doc/security/passwords_for_integrated_authentication_methods.md @@ -1,4 +1,7 @@ --- +stage: none +group: unassigned +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers type: reference --- diff --git a/doc/security/project_import_decompressed_archive_size_limits.md b/doc/security/project_import_decompressed_archive_size_limits.md index 16821e1f192..9e50290afcc 100644 --- a/doc/security/project_import_decompressed_archive_size_limits.md +++ b/doc/security/project_import_decompressed_archive_size_limits.md @@ -1,4 +1,7 @@ --- +stage: none +group: unassigned +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers type: reference, howto --- diff --git a/doc/security/rack_attack.md b/doc/security/rack_attack.md index b386917f399..a84ecc8e47d 100644 --- a/doc/security/rack_attack.md +++ b/doc/security/rack_attack.md @@ -1,4 +1,7 @@ --- +stage: none +group: unassigned +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers type: reference, howto --- diff --git a/doc/security/rate_limits.md b/doc/security/rate_limits.md index 9e754cf1917..94cc446c804 100644 --- a/doc/security/rate_limits.md +++ b/doc/security/rate_limits.md 
@@ -1,4 +1,7 @@ --- +stage: none +group: unassigned +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers type: reference, howto --- diff --git a/doc/security/reset_user_password.md b/doc/security/reset_user_password.md index bc8de882afe..66e11587e96 100644 --- a/doc/security/reset_user_password.md +++ b/doc/security/reset_user_password.md @@ -1,4 +1,7 @@ --- +stage: none +group: unassigned +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers type: howto --- @@ -53,14 +56,15 @@ Don't forget to save the changes. user.save! ``` -Exit the console and try to login with your new password. +Exit the console, and then try to sign in with your new password. NOTE: **Note:** -Passwords can also be reset via the [Users API](../api/users.md#user-modification) +You can also reset passwords by using the [Users API](../api/users.md#user-modification). ### Reset your root password -The steps described above can also be used to reset the root password. But first, identify the root user, with an `id` of `1`. To do so, run the following command: +The previously described steps can also be used to reset the root password. First, +identify the root user, with an `id` of `1`. To do so, run the following command: ```shell user = User.where(id: 1).first diff --git a/doc/security/two_factor_authentication.md b/doc/security/two_factor_authentication.md index 995dea7809e..27cc2474b8a 100644 --- a/doc/security/two_factor_authentication.md +++ b/doc/security/two_factor_authentication.md 
@@ -8,22 +8,22 @@ info: To determine the technical writer assigned to the Stage/Group associated w # Enforce Two-factor Authentication (2FA) Two-factor Authentication (2FA) provides an additional level of security to your -users' GitLab account. Once enabled, in addition to supplying their username and -password to login, they'll be prompted for a code generated by an application on -their phone. +users' GitLab account. After being enabled, in addition to supplying their +username and password to sign in, they'll be prompted for a code generated by an +application on their phone. You can read more about it here: [Two-factor Authentication (2FA)](../user/profile/account/two_factor_authentication.md) ## Enforcing 2FA for all users -Users on GitLab, can enable it without any admin's intervention. If you want to -enforce everyone to set up 2FA, you can choose from two different ways: +Users on GitLab can enable it without any administrator's intervention. If you +want to enforce everyone to set up 2FA, you can choose from two different ways: - Enforce on next login. - Suggest on next login, but allow a grace period before enforcing. -After the configured grace period has elapsed, users will be able to log in but +After the configured grace period has elapsed, users will be able to sign in but won't be able to leave the 2FA configuration area at `/profile/two_factor_auth`. To enable 2FA for all users: 
@@ -32,15 +32,17 @@ To enable 2FA for all users: (`/admin/application_settings/general`). 1. Expand the **Sign-in restrictions** section, where you can configure both. -If you want 2FA enforcement to take effect on next login, change the grace -period to `0`. +If you want 2FA enforcement to take effect during the next sign-in attempt, +change the grace period to `0`. ## Enforcing 2FA for all users in a group If you want to enforce 2FA only for certain groups, you can: -1. Enable it in the group's **Settings > General** page. Navigate to **Permissions, LFS, 2FA > Two-factor authentication**. -You can then check the **Require all users in this group to setup Two-factor authentication** option. +1. Enable it in the group's **Settings > General** page. Navigate to + **Permissions, LFS, 2FA > Two-factor authentication**. You can then select + the **Require all users in this group to setup Two-factor authentication** + option. 1. You can also specify a grace period in the **Time before enforced** option. To change this setting, you need to be administrator or owner of the group. diff --git a/doc/security/unlock_user.md b/doc/security/unlock_user.md index bf3bbbb701e..4013bfb7cae 100644 --- a/doc/security/unlock_user.md +++ b/doc/security/unlock_user.md @@ -1,4 +1,7 @@ --- +stage: none +group: unassigned +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers type: howto --- diff --git a/doc/security/webhooks.md b/doc/security/webhooks.md index 3d7aa3026ab..2e2fb093916 100644 --- a/doc/security/webhooks.md +++ b/doc/security/webhooks.md @@ -1,4 +1,7 @@ --- +stage: none +group: unassigned +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers type: concepts, reference, howto --- |
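Review bot: In doc/security/asset_proxy.md the newly added front matter block has stage, group and info but no type: key, while the other files whose front matter is visible in this patch all keep one (for example "type: reference" in crime_vulnerability.md and "type: concepts, reference, howto" in webhooks.md). If the page is meant to be classified like its siblings, add the type: line in the same block; otherwise the omission is worth a word in the commit message.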
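Review bot: In doc/security/password_length_limits.md, hunk @@ -11,11 +14,31 @@, the rewritten list contradicts the rest of the page. It says the GitLab UI is "the only available option" from GitLab 12.6 and that the configuration file applies "Up to GitLab 12.5", yet the UI section added below covers only the minimum length, and the sentence added under "Modify maximum password length using configuration file" says only the minimum in that file is ignored from 12.6. As written, an administrator cannot tell how the maximum length is changed on 12.6 and later. Suggest scoping the two bullets explicitly, one for minimum length (UI, from 12.6) and one for maximum length (configuration file), and keeping the bold emphasis off the "[From]" link text so the link does not swallow half the sentence.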
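Review bot: In doc/security/password_length_limits.md, hunk @@ -39,26 +62,6 @@, the removed "CAUTION: **Caution:**" block is the only place the page flagged that changing a limit leaves existing passwords untouched, and its replacement in the earlier hunk is an unmarked paragraph in the introduction. That is the security-relevant consequence of this setting: after raising the minimum, shorter passwords stay valid until the user performs a password reset. Suggest keeping it as a callout, or repeating it directly under "Modify minimum password length using GitLab UI" next to the "Save changes" step, so it is read at the point where the value is changed.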
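Review bot: In doc/security/reset_user_password.md, hunk @@ -53,14 +56,15 @@, the trailing context opens a fence tagged shell for "user = User.where(id: 1).first", which is Ruby entered in the console the preceding lines tell the reader to exit, not a shell command. Since this hunk already touches the sentence introducing that block, retag the fence as ruby here so the snippet is highlighted correctly and is not pasted into a shell. The hunk also keeps the "NOTE: **Note:**" callout syntax that the same commit removes from password_length_limits.md; pick one convention for both files.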
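Review bot: In doc/security/two_factor_authentication.md, hunk @@ -8,22 +8,22 @@, the login to sign in rename is applied to the prose but not to the two list items, which still read "Enforce on next login." and "Suggest on next login, but allow a grace period before enforcing." Update both so the page uses one term. While on these lines: "users' GitLab account" should be plural ("accounts"), and "After being enabled, ... they'll be prompted" has no clear subject for "enabled"; "After 2FA is enabled, users are prompted ..." reads unambiguously.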
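Review bot: In doc/security/two_factor_authentication.md, hunk @@ -32,15 +32,17 @@, the step "Expand the **Sign-in restrictions** section, where you can configure both." is left with a dangling "both"; the referent is the pair of choices listed several paragraphs earlier. Since the following sentence about the grace period is rewritten here, name the two settings in that step as they appear in the UI. The closing context line "you need to be administrator or owner of the group" is also missing its article ("an administrator or owner").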