
Have you considered the OWASP recommendations for password storage?

Open • ptaoussanis opened this issue 1 year ago • 1 comment

Moving a question from @ieugen below:


A different question (maybe another issue?). Have you considered the OWASP recommendations for password storage? Would it make sense to have an opinionated module that users can use and get Tempel with pre-configured options following OWASP recommendations?

I know some people who do compliance find these certifications / recommendations very important. I know they change over time so adding the year in the name would make it easy to check and switch: :owasp-2024-xxx.

https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#maximum-password-lengths

ptaoussanis, Mar 20 '24 15:03

Tempel can already meet the linked OWASP recommendations, would just need to document how users can do that.

If there's interest, I'm happy to add this to the next wiki docs update 👍

ptaoussanis, Mar 20 '24 15:03