merge ts ; ts pmo
13
README.md
@@ -153,6 +153,19 @@ markdownblog/
|
||||
|
||||
---
|
||||
|
||||
## 🔒 Admin Password Security
|
||||
|
||||
- The admin password is stored securely using the bcrypt hashing algorithm (work factor 12, as recommended by [OWASP](https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html)).
|
||||
- The hash is saved in `posts/admin.json`, which is excluded from git via `.gitignore`.
|
||||
- Password changes are written atomically to prevent file corruption.
|
||||
- If the password file is missing or corrupted, the default login is `admin`/`admin` (with a bcrypt hash generated at runtime).
|
||||
- Passwords longer than 72 bytes are rejected (bcrypt's safe max).
|
||||
- You can change the admin password from the admin dashboard after logging in.
|
||||
|
||||
**Never share or commit your `posts/admin.json` file!**
|
||||
|
||||
---
|
||||
|
||||
## 🌐 Favicon
|
||||
|
||||
Place your favicon files (e.g., `favicon.ico`, `favicon-32x32.png`, `favicon-16x16.png`) in the `public` directory at the project root.
|
||||
|
||||
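Review bot: The "missing or corrupted" bullet in the Admin Password Security section describes a fallback that fails open: whenever `posts/admin.json` is absent or unreadable (a fresh clone, since the file is gitignored, a deleted file, or a damaged write), the dashboard accepts `admin`/`admin`. Hashing that default with bcrypt at runtime does not change this, because the credential itself is public. Suggest a fail-closed path instead: refuse admin login until a password has been set, or generate a random one-time password at first start and print it to the server log. If the default has to stay, word this bullet as a warning and tell the reader to change the password immediately after first login, rather than listing it among the protections. Separately, the section says `posts/admin.json` is excluded via `.gitignore`, but this commit only touches README.md; worth confirming the entry is actually present.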