summaryrefslogtreecommitdiff
path: root/doc/pl/autogen
diff options
context:
space:
mode:
authorSébastien Helleu <flashcode@flashtux.org>2020-04-14 21:34:46 +0200
committerSébastien Helleu <flashcode@flashtux.org>2020-04-14 21:38:12 +0200
commit9fa3609c85e4b6608d366bed4e47ab9553cd5bc9 (patch)
tree9e5a3db61942617a2be5a0300d95703a94a47d76 /doc/pl/autogen
parentccd45e4921ff5614f65dad6d742a58225fde92a6 (diff)
downloadweechat-9fa3609c85e4b6608d366bed4e47ab9553cd5bc9.zip
relay: add command "handshake" in weechat relay protocol and nonce to prevent replay attacks (closes #1474)
This introduces a new command called "handshake" in the weechat relay protocol. It should be sent by the client before the "init" command, to negotiate the way to authenticate with a password. 3 new options are added: * relay.network.auth_password * relay.network.hash_iterations * relay.network.nonce_size
Diffstat (limited to 'doc/pl/autogen')
-rw-r--r--doc/pl/autogen/user/relay_options.adoc18
1 files changed, 18 insertions, 0 deletions
diff --git a/doc/pl/autogen/user/relay_options.adoc b/doc/pl/autogen/user/relay_options.adoc
index cf113418b..033bcd1fb 100644
--- a/doc/pl/autogen/user/relay_options.adoc
+++ b/doc/pl/autogen/user/relay_options.adoc
@@ -116,6 +116,12 @@
** wartości: dowolny ciąg
** domyślna wartość: `+""+`
+* [[option_relay.network.auth_password]] *relay.network.auth_password*
+** opis: pass:none[comma separated list of hash algorithms used for password authentication in weechat protocol, among these values: "plain" (password in plain text, not hashed), "sha256", "sha512", "pbkdf2+sha256", "pbkdf2+sha512"), "*" means all algorithms, a name beginning with "!" is a negative value to prevent an algorithm from being used, wildcard "*" is allowed in names (examples: "*", "pbkdf2*", "*,!plain")]
+** typ: ciąg
+** wartości: dowolny ciąg
+** domyślna wartość: `+"*"+`
+
* [[option_relay.network.auth_timeout]] *relay.network.auth_timeout*
** opis: pass:none[timeout (in seconds) for client authentication: connection is closed if the client is still not authenticated after this delay and the client status is set to "authentication failed" (0 = wait forever)]
** typ: liczba
@@ -140,6 +146,12 @@
** wartości: 0 .. 9
** domyślna wartość: `+6+`
+* [[option_relay.network.hash_iterations]] *relay.network.hash_iterations*
+** opis: pass:none[number of iterations asked to the client in weechat protocol when a hashed password with algorithm PBKDF2 is used for authentication; more iterations is better in term of security but is slower to compute; this number should not be too high if your CPU is slow]
+** typ: liczba
+** wartości: 1 .. 1000000
+** domyślna wartość: `+100000+`
+
* [[option_relay.network.ipv6]] *relay.network.ipv6*
** opis: pass:none[nasłuchuj domyślnie na gnieździe IPv6 (w dodatku do domyślnego IPv4); protokoły IPv4 i IPv6 mogą być wymuszane (pojedynczo lub razem) w nazwie protokołu (zobacz /help relay)]
** typ: bool
@@ -152,6 +164,12 @@
** wartości: 0 .. 2147483647
** domyślna wartość: `+5+`
+* [[option_relay.network.nonce_size]] *relay.network.nonce_size*
+** opis: pass:none[size of nonce (in bytes), generated when a client connects; the client must use this nonce, concatenated to the client nonce and the password when hashing the password in the "init" command of the weechat protocol]
+** typ: liczba
+** wartości: 8 .. 128
+** domyślna wartość: `+16+`
+
* [[option_relay.network.password]] *relay.network.password*
** opis: pass:none[hasło wymagane od klientów do połączenia z tym pośrednikiem (pusta wartość oznacza brak hasła, zobacz opcję relay.network.allow_empty_password) (uwaga: zawartość jest przetwarzana, zobacz /help eval)]
** typ: ciąg