diff options
Diffstat (limited to 'user_guide_src')
-rw-r--r-- | user_guide_src/source/changelog.rst | 2 | ||||
-rw-r--r-- | user_guide_src/source/conf.py | 4 | ||||
-rw-r--r-- | user_guide_src/source/general/security.rst | 12 | ||||
-rw-r--r-- | user_guide_src/source/installation/upgrade_300.rst | 2 | ||||
-rw-r--r-- | user_guide_src/source/tutorial/static_pages.rst | 2 |
5 files changed, 12 insertions, 10 deletions
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index a1b15105f..45780ddb3 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -565,7 +565,7 @@ Release Date: Not Released - Changed the library constructor to try to create the **log_path** directory if it doesn't exist. - Added support for microseconds ("u" date format character) in ``$config['log_date_format']``. - - Added `compatibility layers <general/compatibility_functions>` for: + - Added :doc:`compatibility layers <general/compatibility_functions>` for: - `Multibyte String <http://php.net/mbstring>`_ (limited support). - `Hash <http://php.net/hash>`_ (``hash_equals()``, ``hash_pbkdf2()``). diff --git a/user_guide_src/source/conf.py b/user_guide_src/source/conf.py index d65fe0dfd..93d70b2e4 100644 --- a/user_guide_src/source/conf.py +++ b/user_guide_src/source/conf.py @@ -48,9 +48,9 @@ copyright = u'2014 - 2015, British Columbia Institute of Technology' # built documents. # # The short X.Y version. -version = '3.0' +version = '3.0.0' # The full version, including alpha/beta/rc tags. -release = '3.0-dev' +release = '3.0.0' # The language for content autogenerated by Sphinx. Refer to documentation # for a list of supported languages. diff --git a/user_guide_src/source/general/security.rst b/user_guide_src/source/general/security.rst index efc821f2b..fcfe4c24b 100644 --- a/user_guide_src/source/general/security.rst +++ b/user_guide_src/source/general/security.rst @@ -143,11 +143,15 @@ with that. Please read below. feature, just randomly generate a new, one-time (this is also important) password and send that instead. -- DO NOT put artificial limits on your users' passwords. +- DO NOT put unnecessary limits on your users' passwords. - There's no point in forcing a rule that a password can only be up to - a number of characters, or that it can't contain a certain set of - special characters. + If you're using a hashing algorithm other than BCrypt (which has a limit + of 72 characters), you should set a relatively high limit on password + lengths in order to mitigate DoS attacks - say, 1024 characters. + + Other than that however, there's no point in forcing a rule that a + password can only be up to a number of characters, or that it can't + contain a certain set of special characters. Not only does this **reduce** security instead of improving it, but there's literally no reason to do it. No technical limitations and diff --git a/user_guide_src/source/installation/upgrade_300.rst b/user_guide_src/source/installation/upgrade_300.rst index 7e3479740..a3d712482 100644 --- a/user_guide_src/source/installation/upgrade_300.rst +++ b/user_guide_src/source/installation/upgrade_300.rst @@ -2,8 +2,6 @@ Upgrading from 2.2.x to 3.0.0 ############################# -.. note:: These upgrade notes are for a version that is yet to be released. - Before performing an update you should take your site offline by replacing the index.php file with a static one. ************************************* diff --git a/user_guide_src/source/tutorial/static_pages.rst b/user_guide_src/source/tutorial/static_pages.rst index 210d9f8d6..0c75d5a34 100644 --- a/user_guide_src/source/tutorial/static_pages.rst +++ b/user_guide_src/source/tutorial/static_pages.rst @@ -64,7 +64,7 @@ following code. </head> <body> - <h1>CodeIgniter Tutorial</h1> + <h1><?php echo $title ?></h1> The header contains the basic HTML code that you'll want to display before loading the main view, together with a heading. It will also |