[TYPO3-english] TYPO3.ORG hacked

Erik Svendsen erik at linnearad.no
Sun Nov 16 16:37:28 CET 2008

Hello Ries,

I drop the quoting. 

I don't think we are disagreeing in any part, I more and less onlys use md5 
hash and with 7 character as minimum password length on websites, and would 
like to se this as default TYPO3 behavior. And about password length, its 
ekstremly large amount of users having less than 7 characters or using real 
words/easy guessable password. And I have websites with plaintext password, 
where the users are told they shouldn't use the same password as on others 
sites and don't are expexted to put in important information (should not 
do so). 

But my point, as an comment on Andreas alligation about unsecure TYPO3, is 
that password hashing is only a small part of making a website secure and 
has a little to do with the overall security of a CMS or a website. 

Erik Svendsen

More information about the TYPO3-english mailing list