76453550a5
Closes #9758

Signed-off-by: vramik <vramik@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
10 lines
No EOL
726 B
Text
[[validate_user_attributes]]
=== Validate user attributes

With the functionality in <<user-profile>>, administrators can restrict the data users enter for attributes, for example, in user registration or the account console.

Administrators should not allow unmanaged attributes for users to prevent attackers adding an unlimited number of attributes.
Attributes should have a validation that restricts the amount of data entered by attackers.

When using regular expressions to validate user attributes, avoid regular expressions that use an excessive amount of memory or CPU.
See https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS[OWASP's Regular expression Denial of Service] for details.
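
The three recommendations above can be checked against an exported user profile configuration. The following audit script is an added example, not part of the original documentation or the project's code; it assumes the configuration uses the user profile JSON field names `unmanagedAttributePolicy`, `attributes`, `validations`, `length`/`max` and `pattern`, and the sample configuration and the nested-quantifier check are constructed for illustration (the check is a heuristic, not a complete ReDoS detector).

```python
import re

# Heuristic (assumption of this example): a quantified group whose body also
# contains a quantifier, e.g. (\w+\s?)+, is the classic shape that causes
# catastrophic backtracking. It can miss patterns and can give false positives.
NESTED_QUANTIFIER = re.compile(
    r"\((?:[^()\\]|\\.)*[+*](?:[^()\\]|\\.)*\)[+*{]"
)


def audit_user_profile(config):
    """Return a list of findings for a parsed user profile configuration."""
    findings = []
    # Assumption: "ENABLED" lets users set attributes not declared below.
    if config.get("unmanagedAttributePolicy") == "ENABLED":
        findings.append("unmanaged attributes enabled for users")
    for attr in config.get("attributes", []):
        name = attr.get("name", "<unnamed>")
        validations = attr.get("validations", {})
        # Without a maximum length the amount of stored data is unbounded.
        if "max" not in validations.get("length", {}):
            findings.append(f"{name}: no maximum length")
        pattern = validations.get("pattern", {}).get("pattern")
        if pattern and NESTED_QUANTIFIER.search(pattern):
            findings.append(f"{name}: pattern has nested quantifiers: {pattern}")
    return findings


# Constructed sample: one weak attribute, one restricted attribute.
SAMPLE = {
    "unmanagedAttributePolicy": "ENABLED",
    "attributes": [
        {"name": "nickname",
         "validations": {"pattern": {"pattern": r"^(\w+\s?)+$"}}},
        {"name": "department",
         "validations": {"length": {"max": 64},
                         "pattern": {"pattern": r"^[A-Za-z0-9 _.-]+$"}}},
    ],
}

if __name__ == "__main__":
    for finding in audit_user_profile(SAMPLE):
        print(finding)
```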