[TYPO3-english] TYPO3.ORG hacked
Erik Svendsen
erik at linnearad.no
Sun Nov 16 20:34:52 CET 2008
Hello Ries,
>> But my point, as an comment on Andreas alligation about unsecure
>> TYPO3, is
>> that password hashing is only a small part of making a website
>> secure and
>> has a little to do with the overall security of a CMS or a website.
> Yes, that is absolutely right, each part of added security makes it
> more difficult for anybody to gain access or get valuable information
> from the system.
>
> Also each part tries to protect a different security constraint. (is
> that correct english???)
>
> Ries
>
Don't know, I'm struggling with English myself. But I understand whar you
mean.
Else md5 hashes are going to be a part of TYPO3 4.3 frontend password, together
with OpenID both in FE and BE-login. I have also suggested to set default
min character length both for FE and BE password (may be overriden by the
admin). The md5 hash solution should be backported to 4.2. 4.0 and 4.1 has
another login solution.
WBR,
Erik Svendsen
www.linnearad.no
More information about the TYPO3-english
mailing list