Migrate current password hashing to Argon2id
2
API.md
@@ -58,4 +58,4 @@ Owner restrictions: owner role/admin status cannot be changed, and owner account
- CSP is tightened to disallow inline styles and insecure image origins (`img-src` excludes `http:`).
- In production, HTTPS redirection and HSTS are enabled.
- Screenshot URL validation rejects private/reserved address ranges and pins outbound connections to validated public IPs.
- Password hashing is versioned; legacy hashes are transparently upgraded on successful login/admin password confirmation.
- Password hashing is versioned with Argon2id as current; legacy hashes are transparently upgraded on successful login/admin password confirmation.
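Review bot: The replacement bullet at the end of this API.md hunk names Argon2id as the current scheme but does not state the parameters (memory cost, iterations, parallelism) the current version uses, or which legacy hash versions are still accepted, so a reader cannot tell from the documentation what "current" means or when it would change. Suggest adding the parameter set and the list of accepted legacy versions next to this bullet. The same line says upgrades happen only "on successful login/admin password confirmation", which means accounts that never authenticate again keep their legacy hashes indefinitely; it would help to document that explicitly, along with any policy for stale hashes such as a forced reset after a cutoff.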