[Typo3-dev] change for FE user passwords
Michael Stucki
michael at typo3.org
Sat Apr 16 00:52:36 CEST 2005
Hi Masi,
> 2005-04-15 Michael Stucki <michael at typo3.org>
>
> * Made fe_user passwords case sensitive and render them as password
> fields
>
> Uh-oh!
>
> Don't you think that will lock out many users? IMHO you cannot change this
> just passing by.
>
> Case-sensitivity of FE user passwords should be a per site-option.
My patch does break absolutely nothing. Passwords have been case sensitive
for years, the point is that you just could only enter them in lower case
letters when working in the backend.
Feel free to test this.
> Same is true for the password field option. Yes, it's a pssible security
> breach, but some admins (help desk users) might want to read the password
> of the users.
You can still change TCA using ext_tables.php or so if you want that.
However, the default option should be to hide all passwords. I think most
people will agree on this...
- michael
--
Use a newsreader! Check out
http://typo3.org/community/mailing-lists/use-a-news-reader/
More information about the TYPO3-dev
mailing list