[Typo3] FE user password stored in cleartext ?

Mario Matzulla mario.melanie at arcor.de
Thu Jul 14 09:04:20 CEST 2005


> And BTW: If you don't trust your admin you should reconsider the whole
> security concept.
Sure, you should trust your admin, BUT how many people out there have 
different passwords for each of their accounts? I guess less than 5%. So 
all the others use their passwords in more than one account. So, if I - 
as a user - have the choice, I would prefer my password being stored as 
an md5 hash.


> Well - if someone gains access to the DB then he doesn't need a password
> anymore ;-)
That is right, but why should I make it easy for him to read the 
passwords? To retrieve the clear text out of an md5 hash takes time.

>>Is KB MD5 FE Passwords extension the answer ? I'm only doubtful about
>>how the "hashing" of password can affect other extensions that share
>>login/pass data and authentication ( i.e., forum integration...it
>>seems a complete vbulletin integration is just on the way!! )
Well, I have tried several extensions, but they all didn't work. Maybe 
someone who reads this and got them running can help me.

I would prefer if the choice of how fe-user passwords are stored would be 
integrated into the typo3-core.

What do you think?

Mario Matzulla
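
Added example, not part of the original post and not code from TYPO3 or any of its extensions: a sketch of moving a user table from cleartext to hashed passwords by rewriting each record at its next successful login. It uses salted PBKDF2 from Python's standard library in place of the bare MD5 mentioned in the thread; the record layout (`scheme`, `value`, `salt`, `hash`), the function names and the sample table are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor; tune for your hardware


def hash_password(password: str) -> dict:
    """Build a stored record holding a per-user salt and digest, never the password."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"scheme": "pbkdf2", "iter": ITERATIONS, "salt": salt.hex(), "hash": digest.hex()}


def check_login(users: dict, username: str, candidate: str) -> bool:
    """Verify a login; a legacy cleartext record is rewritten as a hash on success."""
    record = users.get(username)
    if record is None:
        return False
    if record["scheme"] == "pbkdf2":
        digest = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"),
                                     bytes.fromhex(record["salt"]), record["iter"])
        return hmac.compare_digest(digest.hex(), record["hash"])
    # Legacy row: constant-time compare, then replace the cleartext in place.
    if hmac.compare_digest(record["value"].encode("utf-8"), candidate.encode("utf-8")):
        users[username] = hash_password(candidate)
        return True
    return False


def cleartext_remaining(users: dict) -> list:
    """Usernames whose rows still hold a readable password (not yet migrated)."""
    return sorted(u for u, r in users.items() if r["scheme"] == "clear")


if __name__ == "__main__":
    # Constructed sample table: two users who chose the same password.
    table = {
        "alice": {"scheme": "clear", "value": "Summer2005!"},
        "bob": {"scheme": "clear", "value": "Summer2005!"},
    }
    print(check_login(table, "alice", "Summer2005!"), cleartext_remaining(table))
```

Any other component that reads the password column directly has to call the same verification routine, which is the integration concern raised in the quoted question.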


