diff --git a/admin_guide/customization.rst b/admin_guide/customization.rst index fce4b69a2..967d2196d 100644 --- a/admin_guide/customization.rst +++ b/admin_guide/customization.rst @@ -9,6 +9,7 @@ The functionality as well as the look-and-feel of an instance can be customized The purpose of the ``customize`` directory is to make it easier to upgrade CryptPad while maintaining customizations in place. Occasionally, a major new version may introduce breaking changes or require adjustments in the customizations. Administrators with customized instances are therefore encouraged to **read instructions carefully before each upgrade**. +.. _admin_application_config: Application config ------------------ @@ -27,6 +28,17 @@ To disable unregistered use of CryptPad, add the following to ``customize/applic AppConfig.registeredOnlyTypes = AppConfig.availablePadTypes; +This will prevent unregistered users from using any of the applications. + +To block unregistered users from creating or saving new documents, add the following lines to ``customize/application_config.js``: + +.. code:: javaScript + + AppConfig.disableAnonymousPadCreation = true; + AppConfig.disableAnonymousStore = true; + +However, documents can still be shared with unregistered users, allowing them to edit and view files via shared links. + .. note:: To close registration of new users on the instance, see :ref:`admin_close_registration` in the admin panel. diff --git a/admin_guide/installation.rst b/admin_guide/installation.rst index 9c3de2c97..ea57a77e2 100644 --- a/admin_guide/installation.rst +++ b/admin_guide/installation.rst 
@@ -344,6 +344,33 @@ contains at least: httpSafeOrigin: "https://some-other-domain.xyz", + +It is strongly recommended to set a login salt before users create accounts on your instance. This makes it more difficult for attackers to use rainbow tables or reuse credentials from other CryptPad instances. + +.. warning:: + The login salt can only be set when first creating your CryptPad instance. + **Changing it later will break logins for all existing users.** + +Create ``customize/application_config.js`` file (see :ref:`admin_application_config`) and add the following configuration, replacing the preset value with a random string of your choice: + +Generate a random 32 character string: + +.. code:: bash + + openssl rand -hex 32 + +Then add the following to ``customize/application_config.js``: + +.. code:: javascript + + AppConfig.loginSalt = ''; + +You may also want to increase the minimum password length by adding: + +.. code:: javascript + + AppConfig.minimumPasswordLength = 8; + .. _admin_instance_setup: Setup your instance
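Review bot: In the admin_guide/customization.rst hunk at @@ -27,6 +28,17 @@, the closing sentence "However, documents can still be shared with unregistered users, ..." does not say which setting it qualifies. It sits two paragraphs below "This will prevent unregistered users from using any of the applications", so a reader can take it as a caveat on ``registeredOnlyTypes`` as well. Suggest naming ``disableAnonymousPadCreation`` and ``disableAnonymousStore`` in that sentence and, if ``registeredOnlyTypes`` is the setting that also closes shared-link access, saying so, since an administrator choosing between the two needs to know which one leaves shared links open. Minor: the directive here is spelled ``.. code:: javaScript`` while the installation.rst hunk uses ``.. code:: javascript``; use the lowercase form in both.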
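Review bot: In the admin_guide/installation.rst hunk at @@ -344,6 +344,33 @@, "Generate a random 32 character string" does not match the command under it: ``openssl rand -hex 32`` produces 32 random bytes printed as 64 hexadecimal characters. Either describe the output as 64 hex characters (32 bytes) or change the command to match the text. In the same hunk, the sentence ending "replacing the preset value with a random string of your choice:" is followed by another sentence rather than by the snippet, and the snippet itself is ``AppConfig.loginSalt = '';``, so there is no preset value to replace and an administrator who pastes it unchanged ends up with an empty salt. Suggest putting the generate step first and showing an obvious placeholder inside the quotes. The introduction ("before users create accounts") and the warning ("only ... when first creating your CryptPad instance") also state two different deadlines; pick one wording so it is clear whether an instance that exists but has no accounts yet can still set the salt.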