[TYPO3-english] TYPO3.ORG hacked

Erik Svendsen erik at linnearad.no
Sun Nov 16 20:34:52 CET 2008

Hello Ries,

>> But my point, as an comment on Andreas alligation about unsecure
>> TYPO3, is
>> that password hashing is only a small part of making a website
>> secure and
>> has a little to do with the overall security of a CMS or a website.
> Yes, that is absolutely right, each part of added security makes it
> more difficult for anybody to gain access or get valuable information
> from the system.
> Also each part tries to protect a different security constraint. (is
> that correct english???)
> Ries

Don't know, I'm struggling with English myself. But I understand whar you 

Else md5 hashes are going to be a part of TYPO3 4.3 frontend password, together 
with OpenID both in FE and BE-login. I have also suggested to set default 
min character length both for FE and BE password (may be overriden by the 
admin). The md5 hash solution should be backported to 4.2. 4.0 and 4.1 has 
another login solution.

Erik Svendsen

More information about the TYPO3-english mailing list