[Typo3-dev] 1-2-3 install - encryptionKey
Dimitri Tarassenko
mitka at mitka.us
Mon Dec 12 22:43:18 CET 2005
Michael,
On 12/12/05, Michael Scharkow <mscharkow at gmx.net> wrote:
> Patrick Gaumond wrote:
> >> Dimitri Tarassenko wrote:
> >>
> >>> On another subject, wouldn't it be better to get rid of default
> >>> passwords (both admin and install tool) once and for all and set them
> >>> up during the install?
> >
> >
> > Prepare to have a fight for "joh316"...
> > Kasper said that this one and religious pictures where there to stay.
>
> Dimitri did not propose to deliberately change it to something else, but
> to create a random password if I understood him correctly.
Almost. I was thinking along the lines of merging steps 2 and 3
(selecting/creating MySQL DB and selecting the SQL dump to import)
into 1 screen and naming it "Database Import", and prompting the user
at step 3 for admin and install tool passwords.
> Security-wise, this is a good idea, but prepare for the "I locked myself
> out of the install tool"-bonanza on the lists.
Every improvement is changing a bigger problem for a smaller one ;) I
don't think there is going to be a big deal of people locking
themselves out just because we change from default password to the
user-assigned. I think it's even more intuitive, since most of the
operating systems go this way when you install them - i.e. they prompt
for root/administrator passwords rather than come preconfigured with a
default password.
Anyways, Patrick's point seems to be a valid one, and I have no free
time and no energy at the moment for yet another political shitstorm.
--
Dimitri Tarassenko
More information about the TYPO3-dev
mailing list