From 4a7830a96d37086be66b2bcaf20d2d41414bb85d Mon Sep 17 00:00:00 2001
From: Martin Zimmermann
Date: Mon, 16 Jun 2014 19:21:12 +0200
Subject: [PATCH] add [hash] to isso.conf and update some strings
---
 share/isso.conf | 57 +++++++++++++++++++++++++++++++++++++------------
 1 file changed, 43 insertions(+), 14 deletions(-)
diff --git a/share/isso.conf b/share/isso.conf
index 2955f74..bd8913c 100644
--- a/share/isso.conf
+++ b/share/isso.conf
@@ -4,7 +4,7 @@
 [general]
 # file location to the SQLite3 database, highly recommended to change this
-# location to a non-temporary location
+# location to a non-temporary location!
 dbpath = /tmp/comments.db
 # required to dispatch multiple websites, not used otherwise.
@@ -30,6 +30,14 @@ max-age = 15m
 # Select notification backend for new comments. Currently, only SMTP is
 # available.
+# Select notification backend(s) for new comments, separated by comma.
+# Available backends:
+#
+# stdout
+# Log to standard output. Default, if none selected.
+# smtp
+# Send notifications via SMTP on new comments with activation (if
+# moderated) and deletion links.
 notify =
@@ -57,8 +65,8 @@ listen = http://localhost:8080
 # Only works with the internal webserver.
 reload = off
-# show 10 most time consuming function in Isso after each request. Do not use in
-# production.
+# show 10 most time consuming function in Isso after each request. Do not use
+# in production.
 profile = off
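Review bot: In the `@@ -30,6 +30,14 @@` hunk the new backend list is inserted below the old two-line comment `# Select notification backend for new comments. Currently, only SMTP is` / `# available.`, which the hunk keeps as context, so `notify` now carries two contradictory descriptions (the old one says only SMTP exists, the new one lists stdout as the default). Those two old lines should be removed in the same hunk. The new text also says backends are "separated by comma" but shows no example of the combined form; a line such as `# e.g. notify = stdout, smtp` would remove the guesswork about spacing.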
@@ -79,15 +87,16 @@ host = localhost
 # SMTP port
 port = 587
-# use a secure connection to the server, possible values: "none", "starttls"
-# or "ssl". Python 2.X probably does not validate certificates (needs
-# research). But you should use a dedicated email account anyways.
+# use a secure connection to the server, possible values: none, starttls or
+# ssl. Note, that Python does not validate the server's certificate and thus
+# the connection is vulnerable to Man-in-the-Middle attacks. Therefore, you
+# should definitely use a dedicated SMTP account for Isso.
 security = starttls
 # recipient address, e.g. your email address
 to =
-# sender address, e.g. isso@example.tld
+# ender address, e.g. "Foo Bar"
 from =
 # specify a timeout in seconds for blocking operations like the
@@ -96,8 +105,8 @@ timeout = 10
 [guard]
-# Enable basic spam protection features, e.g. rate-limit per IP address (/24 for
-# IPv4, /48 for IPv6).
+# Enable basic spam protection features, e.g. rate-limit per IP address (/24
+# for IPv4, /48 for IPv6).
 # enable guard, recommended in production. Not useful for debugging purposes.
 enabled = true
@@ -105,13 +114,13 @@ enabled = true
 # limit to N new comments per minute.
 ratelimit = 2
-# how many comments directly to the thread (prevent a simple while true; do curl
-# ...; done.
+# how many comments directly to the thread (prevent a simple while true; do
+# curl ...; done.
 direct-reply = 3
-# allow commenters to reply to their own comments when they could still edit the
-# comment. After the editing timeframe is gone, commenters can reply to their
-# own comments anyways. Do not forget to configure the client.
+# allow commenters to reply to their own comments when they could still edit
+# the comment. After the editing timeframe is gone, commenters can reply to
+# their own comments anyways. Do not forget to configure the client.
 reply-to-self = false
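Review bot: The rewritten sender comment in the `@@ -79,15 +87,16 @@` hunk reads `# ender address, e.g. "Foo Bar"`; the leading letter of "sender" has been dropped, and the example now ends after the display name with no address at all, whereas the removed line showed `isso@example.tld`. If an angle-bracketed address followed the name and was lost in rendering, it should be restored; otherwise the line should read `# sender address, e.g. "Foo Bar" <isso@example.tld>`. Since the `security` comment now states that the server certificate is not validated, it would also help operators to say which of the three listed values that caveat applies to (presumably starttls and ssl, not none), so the warning is not read as an argument for disabling TLS.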
@@ -132,3 +141,23 @@ allowed-elements =
 # generated output, comma-separated. By default, only align and href are
 # allowed.
 allowed-attributes =
+
+
+[hash]
+# Customize used hash functions to hide the actual email addresses from
+# commenters but still be able to generate an identicon.
+
+
+# A salt is used to protect against rainbow tables. Isso does not make use of
+# pepper (yet). The default value has been in use since the release of Isso and
+# generates the same identicons for same addresses across installations.
+salt = Eech7co8Ohloopo9Ol6baimi
+
+# Hash algorithm to use -- either from Python's hashlib or PBKDF2 (a
+# computational expensive hash function).
+#
+# The actual identifier for PBKDF2 is pbkdf2:1000:6:sha1, which means 1000
+# iterations, 6 bytes to generate and SHA1 as pseudo-random family used for key
+# strengthening. Arguments have to be in that order, but can be reduced to
+# pbkdf2:4096 for example to override the iterations only.
+algorithm = pbkdf2
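Review bot: The new `salt` default `Eech7co8Ohloopo9Ol6baimi` is shipped in the example config and, as the comment itself notes, is identical on every installation, so the rainbow-table protection the comment claims rests on a value that is public; the comment should tell operators to replace it. Suggest adding directly above `salt =`: `# Change this to a site-specific random value; the public default gives no protection against precomputed tables.`. Two smaller points in the same hunk: `computational expensive` should read `computationally expensive`, and the `algorithm` comment documents only the `pbkdf2:…` identifier form, so one example of the plain hashlib spelling would make the non-PBKDF2 case unambiguous. The two blank lines between the `[hash]` section comment and the `salt` comment also differ from the single blank line used within the other sections.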