docs(security): Add warning about using a high cost for bcrypt

2022-01-08 19:41:50 -05:00
parent c712133df0
commit f6f7e15735
1 changed files with 3 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -886,6 +886,9 @@ security:
    password-bcrypt-base64: "JDJhJDEwJHRiMnRFakxWazZLdXBzRERQazB1TE8vckRLY05Yb1hSdnoxWU0yQ1FaYXZRSW1McmladDYu"
 ```
 **WARNING:** Make sure to carefully select to cost of the bcrypt hash. The higher the cost, the longer it takes to compute the hash,
 and basic auth verifies the password against the hash on every request. As of 2022-01-08, I suggest a cost of 8.
 #### OIDC (ALPHA)
 | Parameter                        | Description                                                    | Default       |
 |:---------------------------------|:---------------------------------------------------------------|:--------------|