From d9270d301dae7180115978c7a59061d3c8816cf2 Mon Sep 17 00:00:00 2001 From: Nick Fox Date: Tue, 19 Mar 2019 16:02:55 +0000 Subject: [PATCH] Updated Hardening Guide (WIP) (markdown) --- Hardening-Guide-(WIP).md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Hardening-Guide-(WIP).md b/Hardening-Guide-(WIP).md index 2fc40d9..9dc2760 100644 --- a/Hardening-Guide-(WIP).md +++ b/Hardening-Guide-(WIP).md @@ -7,6 +7,8 @@ bitwarden_rs also allows registered users to invite other new users to create ac ## Enable HTTPS +### TLS hardening + ## Disable password hint display bitwarden_rs displays password hints on the login page to accommodate small/local deployments that do not have SMTP configured, which could be abused by an attacker to facilitate password-guessing attacks against users on the server. This can be disabled in the admin panel by unchecking the `Show password hints` option or by starting the server with the `SHOW_PASSWORD_HINT=false` environment variable.