[Typo3] FE user password stored in cleartext ?
Michael Stucki
michael at typo3.org
Thu Jul 14 10:50:35 CEST 2005
Mathias Schreiber [wmdb>] wrote:
> Mario Matzulla wrote:
>> I would prefer if the choise, how fe-user passwords are stored, would be
>> integrated into the typo3-core.
>
> You mean "switchable"?
> Might be an option.
> Let me see what we would need to change (additions welcome):
> - TCA password fields would have to react on a value in TYPO3_CONF_VARS
> (or page TSConfig, if you want to have it switchable by trees, not
> installs).
> - FE_USERAUTH would have to react on value (as above)
> - feadminLib would have to react on values
I agree the fe_user password should not be clear-text, regardless of how
much work this means.
However this will break existing sites so we have to clearly think about a
proper solution.
> Any place I forgot?
Is this submitted to the bugtracker already?
- michael
--
Use a newsreader! Check out
http://typo3.org/community/mailing-lists/use-a-news-reader/
More information about the TYPO3-english
mailing list