21 lines
810 B
YAML
21 lines
810 B
YAML
|
---
|
||
|
Name: 'webapp-security'
|
||
|
After: 'framework/*, cms/*, security_baseline'
|
||
|
---
|
||
|
SilverStripe\Security\Member:
|
||
|
lock_out_after_incorrect_logins: 5
|
||
|
lock_out_delay_mins: 5
|
||
|
# Password expiry should only happen when the password is leaked (optionally expire automatically if PCI/NIST compliance is required)
|
||
|
# password_expiry_days: 90
|
||
|
# instead of password change, we send out a notice on change of password OR Email (notify_account_security_change)
|
||
|
notify_password_change: false
|
||
|
|
||
|
SilverStripe\Forms\PasswordField:
|
||
|
autocompleate: false
|
||
|
|
||
|
SilverStripe\Core\Injector\Injector:
|
||
|
SilverStripe\Security\MemberAuthenticator\LostPasswordHandler:
|
||
|
class: Site\Extensions\LostPasswordHandlerExtension
|
||
|
SilverStripe\Security\MemberAuthenticator\MemberLoginForm:
|
||
|
class: Site\Extensions\SiteMemberLoginForm
|