[TYPO3-dev] Idea for hardened TYPO3 BE-User-Accounts

Dmitry Dulepov [typo3] dmitry at typo3.org
Fri Oct 26 09:14:57 CEST 2007


Hi!

Christian Trabold wrote:
> What about a new field in be_users which stores a value (the salt) which 
> is unique for the given TYPO3-Installation (e.g. TYPO3-Encryption-Key).
> 
> If a backend user logs into the backend this value is checked against 
> the current TYPO3-Encryption-Key.

Then it should not be the clear encryption key but md5($username, $encrkey). And remember about database keys. This query hits performance.

> I'd like to hear your opinion about this idea. Could this be a real 
> hardener?

I am quite sceptical about it...

-- 
Dmitry Dulepov
TYPO3 freelancer / TYPO3 core team member
Web: http://typo3bloke.net/
Skype: callto:liels_bugs
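
The idea discussed in this thread, sketched as an added example that is not part of the original message and is not TYPO3 core code. It assumes a hypothetical `install_tag` column in `be_users`, uses HMAC-SHA256 in place of the md5 construction mentioned above, and takes the encryption key as a plain parameter; all sample keys and rows are constructed.

```php
<?php
// Added example: hypothetical helpers, not TYPO3 core code.

/** Derive the tag that would be stored in the assumed be_users.install_tag column. */
function installTag(string $username, string $encryptionKey): string
{
    // Keyed hash: the stored value does not reveal the installation key
    // and is bound to exactly one username.
    return hash_hmac('sha256', $username, $encryptionKey);
}

/** Check an already fetched be_users row against this installation's key. */
function rowBelongsToInstallation(array $row, string $encryptionKey): bool
{
    if (!isset($row['username'], $row['install_tag'])) {
        return false; // a row without a tag is rejected, not waved through
    }
    $expected = installTag((string)$row['username'], $encryptionKey);
    // Constant-time comparison of the recomputed tag and the stored one.
    return hash_equals($expected, (string)$row['install_tag']);
}

// Constructed sample data: two installations with different keys.
$keyA = 'constructed-key-installation-A';
$keyB = 'constructed-key-installation-B';

$cases = [
    // Row created on installation A, checked on A.
    'own row'             => [['username' => 'editor1', 'install_tag' => installTag('editor1', $keyA)], $keyA],
    // Same row copied into installation B's database.
    'row from other site' => [['username' => 'editor1', 'install_tag' => installTag('editor1', $keyA)], $keyB],
    // Tag reused under a different username.
    'tag reused'          => [['username' => 'admin', 'install_tag' => installTag('editor1', $keyA)], $keyA],
    // Row written directly into the table without any tag.
    'untagged row'        => [['username' => 'injected'], $keyA],
];

foreach ($cases as $label => [$row, $key]) {
    printf("%-20s %s\n", $label, rowBelongsToInstallation($row, $key) ? 'accepted' : 'rejected');
}
```

Because the check runs in PHP on the row the login query has already fetched, it adds no extra condition to that query. The tag only helps while the encryption key is not readable by whoever can write to `be_users`.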



