[TYPO3-english] TYPO3.ORG hacked
ries van Twisk
typo3 at rvt.dds.nl
Sun Nov 16 19:46:46 CET 2008
On Nov 16, 2008, at 10:37 AM, Erik Svendsen wrote:
> Hello Ries,
>
> I drop the quoting.
>
> I don't think we are disagreeing in any part, I more and less onlys
> use md5
> hash and with 7 character as minimum password length on websites,
> and would
> like to se this as default TYPO3 behavior. And about password
> length, its
> ekstremly large amount of users having less than 7 characters or
> using real
> words/easy guessable password. And I have websites with plaintext
> password,
> where the users are told they shouldn't use the same password as on
> others
> sites and don't are expexted to put in important information (should
> not
> do so).
Agreed...
>
>
> But my point, as an comment on Andreas alligation about unsecure
> TYPO3, is
> that password hashing is only a small part of making a website
> secure and
> has a little to do with the overall security of a CMS or a website.
Yes, that is absolutely right, each part of added security makes it
more difficult for anybody to gain access or get valuable information
from the system.
Also each part tries to protect a different security constraint. (is
that correct english???)
Ries
>
>
> WBR,
> Erik Svendsen
> www.linnearad.no
>
>
regards, Ries van Twisk
-------------------------------------------------------------------------------------------------
Ries van Twisk
tags: Freelance TYPO3 Glassfish JasperReports JasperETL Flex Blaze-DS
WebORB PostgreSQL DB-Architect
email: ries at vantwisk.nl
web: http://www.rvantwisk.nl/
skype: callto://r.vantwisk
More information about the TYPO3-english
mailing list