Turn off UserDB ignore_case

- As this stores username/password in lowercase, it is not great for security. Also it has the effect of preventing password changes once you toggle it. - If there were an option to standardize the case of usernames on login, that would be nice. But affecting passwords as well is not what we want here.
interchange · Oct 31, 2016 · de45688 · de45688
1 parent 23c8aec
commit de45688
Showing 1 changed file with 1 addition and 2 deletions.
diff --git a/dist/strap/catalog.cfg b/dist/strap/catalog.cfg
@@ -270,7 +270,7 @@ UserDB    default    from_plain    1
 UserDB    default    bcrypt_pepper  __BCRYPT_PEPPER__
 
 # Set to 1 to make the username and password case-insensitive
-UserDB    default    ignore_case   1
+UserDB    default    ignore_case   0
 
 # Change a field to something that doesn't conflict in MySQL
 UserDB    default    time_field    mod_time
@@ -304,7 +304,6 @@ EOU
 UserDB    default    logfile       logs/userdb.log
 
 # This makes the login username the user's email address
-# Uncomment to use
 UserDB    default    indirect_login  usernick
 UserDB    default    assign_username 1