[TYPO3-english] TYPO3.ORG hacked
erik at linnearad.no
Sun Nov 16 16:37:28 CET 2008
I drop the quoting.
I don't think we are disagreeing in any part, I more and less onlys use md5
hash and with 7 character as minimum password length on websites, and would
like to se this as default TYPO3 behavior. And about password length, its
ekstremly large amount of users having less than 7 characters or using real
words/easy guessable password. And I have websites with plaintext password,
where the users are told they shouldn't use the same password as on others
sites and don't are expexted to put in important information (should not
But my point, as an comment on Andreas alligation about unsecure TYPO3, is
that password hashing is only a small part of making a website secure and
has a little to do with the overall security of a CMS or a website.
More information about the TYPO3-english