\fail{}
Verify that forms containing credentials are not filled in by
the application. Pre-filling by the application implies that
\fail{}
Verify that forms containing credentials are not filled in by
the application. Pre-filling by the application implies that
\begin{result}
All authentication controls (login credentials and client cookies) are
enforced by the application. Note however item~\ref{auth:6}, about the
\begin{result}
All authentication controls (login credentials and client cookies) are
enforced by the application. Note however item~\ref{auth:6}, about the
-of passphrases, and do not prevent password managers,
-long passphrases or highly complex passwords being
+of pass-phrases, and do not prevent password managers,
+long pass-phrases or highly complex passwords being
would be better to pass secrets as environment variables, this is not
really bad practice.
However, the installation instructions state the following:
\begin{verbatim}
Change the file permissions to allow all users write access to the
would be better to pass secrets as environment variables, this is not
really bad practice.
However, the installation instructions state the following:
\begin{verbatim}
Change the file permissions to allow all users write access to the
\end{verbatim}
This implies making the configuration file readable for all users on the
system. This information should not be accessible for any user other than
\end{verbatim}
This implies making the configuration file readable for all users on the
system. This information should not be accessible for any user other than