[TYPO3-english] Do I still need kb_md5fepw with TYPO3 4.2.6?

Christopher christopher at temporaryforwarding.com
Sat Feb 21 18:37:41 CET 2009

Hi guys!

"Christopher" schrieb:
> With your answers: kb_md5fepw seems to be at least a good choice for me.
> One more thing:
> I now also had the time to have a look at t3sec_saltedpw which 
> additionally uses a salt (which should be even more secure).
> The extension always sends the passwords to the server in clear text.
> Does kb_md5fepw do the same?

just to have the info here: No, kb_md5fepw transmits the password in an 
encrypted way.

> Will this be a security risk?

If there is no SSL consider man in the middle-attacks.

> So the final question is: Which of these two extensions would be the 
> better choice?

For my problem kb_md5fepw is better.
The additional security which t3sec_saltedpw offers is helpfull, if a 
malicious user already has access to the database. He then can read out the 
passwords, but they are encrypted in a way which makes reusing them really 


More information about the TYPO3-english mailing list