[TYPO3-english] TYPO3.ORG hacked
erik at linnearad.no
Sun Nov 16 20:34:52 CET 2008
>> But my point, as an comment on Andreas alligation about unsecure
>> TYPO3, is
>> that password hashing is only a small part of making a website
>> secure and
>> has a little to do with the overall security of a CMS or a website.
> Yes, that is absolutely right, each part of added security makes it
> more difficult for anybody to gain access or get valuable information
> from the system.
> Also each part tries to protect a different security constraint. (is
> that correct english???)
Don't know, I'm struggling with English myself. But I understand whar you
Else md5 hashes are going to be a part of TYPO3 4.3 frontend password, together
with OpenID both in FE and BE-login. I have also suggested to set default
min character length both for FE and BE password (may be overriden by the
admin). The md5 hash solution should be backported to 4.2. 4.0 and 4.1 has
another login solution.
More information about the TYPO3-english