gPass

gPass Git Source Tree

Root/server/conf.php

<?php
/*
  Copyright (C) 2013-2017 Grégory Soutadé

  This file is part of gPass.

  gPass is free software: you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
  the Free Software Foundation, either version 3 of the License, or
  (at your option) any later version.

  gPass is distributed in the hope that it will be useful,
  but WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  GNU General Public License for more details.

  You should have received a copy of the GNU General Public License
  along with gPass. If not, see <http://www.gnu.org/licenses/>.
*/

/*
  Whether the user interface displays ciphered passwords. Set to false to avoid database leakage through the user interface (but not through raw HTTP requests).
 */
$VIEW_CIPHERED_PASSWORDS=true;

/*
  Allows user creation.
 */
$ADMIN_MODE=true;

/*
  Number of iterations for the PBKDF2 algorithm.
  Minimum recommended level is 1000, but you can increase
  this value for better security (it needs more computation
  power).

  !! Warning !! This impacts master keys. If you change
  this value with existing master keys, they will become unusable!
 */
$PBKDF2_LEVEL=1000;

/*
  This is a security feature: it protects against database dump
  and database purge without authentication.
  When all entries are requested, instead of returning logins/passwords,
  the server returns "shadow logins". These are random values.
  Shadow logins must be encrypted using the master key and salt
  (to generate a unique PBKDF2 derivation), which results in an access token.
  With this access token, the user has the right to get
  the encrypted login/password values and to remove them.
  It's a kind of challenge, but it requires more CPU time
  (one derivation + two decryptions for each password!).

  This option is backward compatible with old versions < 0.6.
*/
$USE_SHADOW_LOGINS=1;

/*
  Protection against DDoS.
  Each request can contain multiple password combinations
  (to support wildcards, for example) and multiple names.
  Currently only two passwords are sent from the addon:
    www.example.com
    *.example.com
  In the future we may also consider 'www.example.*', '*.example.*' and lower case username.
  For maximum security, you can set it to 2 or 4 if you want to be backward compatible
  with addons/extensions <= 0.7.
 */
$MAX_PASSWORDS_PER_REQUEST=10;

/*
  Protection against brute force.
  Minimum delay (in milliseconds) between two requests.
 */
$REQUESTS_MIN_DELAY=1000;

/*
  Clear master keys and reset passwords after 15 minutes of inactivity.
 */
$CLEAR_TIME=15*60*1000;

/*
  The first crypto schema uses an AES-ECB process to encrypt logins.
  It was used until version 0.7.
  Since version 0.8, we use AES-CBC + SHA256.
 */
$CRYPTO_V1_COMPATIBLE=1;
?>
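The following is an added example, not gPass code: a simplified model of the shadow-login challenge described for $USE_SHADOW_LOGINS, which also shows why changing $PBKDF2_LEVEL invalidates existing master keys. The function names (derive_key, access_token, get_entry), the salt, the fixed IV, the PBKDF2 hash (SHA-256) and the storage layout are all assumptions made for illustration.

```php
<?php
// Added example: simplified model of the shadow-login challenge.
// Salt, IV handling and storage layout are assumptions, not gPass code.
$PBKDF2_LEVEL = 1000; // value from conf.php

// Derive a 256-bit key from master key and salt (PBKDF2-HMAC-SHA256).
function derive_key(string $masterkey, string $salt, int $level): string {
    return hash_pbkdf2('sha256', $masterkey, $salt, $level, 32, true);
}

// Access token = shadow login encrypted under the derived key. A fixed IV
// keeps the token deterministic so the server can compare it; the plaintext
// is a unique random value (assumption).
function access_token(string $shadow, string $key): string {
    $iv = str_repeat("\0", 16);
    return bin2hex(openssl_encrypt($shadow, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv));
}

// Server side: hand out the ciphered entry only for a matching token.
function get_entry(array $db, string $shadow, string $token): ?string {
    if (!isset($db[$shadow])) return null;
    // hash_equals compares in constant time.
    return hash_equals($db[$shadow]['token'], $token) ? $db[$shadow]['entry'] : null;
}

// Constructed sample data.
$masterkey = 'correct horse battery staple';
$salt      = 'alice@example.com';          // hypothetical per-user salt
$shadow    = bin2hex(random_bytes(16));    // random value returned when listing
$key       = derive_key($masterkey, $salt, $PBKDF2_LEVEL);
$db = [$shadow => ['token' => access_token($shadow, $key),
                   'entry' => '<ciphered login/password>']];

// Case 1: right master key, same iteration count as when the entry was stored.
$results['same key'] = get_entry($db, $shadow, access_token($shadow, $key));

// Case 2: a client that only has the list of shadow logins, not the master key.
$guess = derive_key('wrong master key', $salt, $PBKDF2_LEVEL);
$results['wrong master key'] = get_entry($db, $shadow, access_token($shadow, $guess));

// Case 3: right master key, but $PBKDF2_LEVEL was raised after the entry was
// stored. The derived key differs, so the old token no longer matches.
$rekeyed = derive_key($masterkey, $salt, 2000);
$results['level changed'] = get_entry($db, $shadow, access_token($shadow, $rekeyed));

var_dump($results);
```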
