[TYPO3-english] TYPO3.ORG hacked
Erik Svendsen
erik at linnearad.no
Sun Nov 16 16:37:28 CET 2008
Hello Ries,
I drop the quoting.
I don't think we are disagreeing in any part, I more and less onlys use md5
hash and with 7 character as minimum password length on websites, and would
like to se this as default TYPO3 behavior. And about password length, its
ekstremly large amount of users having less than 7 characters or using real
words/easy guessable password. And I have websites with plaintext password,
where the users are told they shouldn't use the same password as on others
sites and don't are expexted to put in important information (should not
do so).
But my point, as an comment on Andreas alligation about unsecure TYPO3, is
that password hashing is only a small part of making a website secure and
has a little to do with the overall security of a CMS or a website.
WBR,
Erik Svendsen
www.linnearad.no
More information about the TYPO3-english
mailing list