[TYPO3-english] TYPO3.ORG hacked

Marcus Krause marcus#exp2008 at t3sec.info
Sun Nov 16 06:09:04 CET 2008

Andreas Becker schrieb:
> Big Plus in this approach would also be that all this hick hack with
> connecting a backend user with a frontend user could be integrated in core
> to and working simply by default. Check out eZ-Publish how they do it. You
> install the site and you have a secure login and much much more automatic
> installed which improves security beside the fact that when you install an
> eZ-Publish or eZ-Flow you already have a working site and can start simply
> with inserting content ;-)

eZ-Publish does md5 hashing on passwords by default.
eZ-Publish transfers credentials in plaintext.

How can this be considered as secure login?


More information about the TYPO3-english mailing list