[TYPO3-english] [TYPO3] Forcing to change password extension
Christian Lerrahn (Cerebrum)
christian.lerrahn at cerebrum.com.au
Fri Apr 15 16:49:27 CEST 2011
Hi Sergey,
On Wed, 13 Apr 2011 12:16:14 -0400
Sergey Alexandrov <serg at alexandrov.us> wrote:
> Found this thread dated 2007 but still can't find extension :) Does
> anybody know if it was developed ?
> Also found cl_beuser_password but not sure if it will work with 4.3
> and 4.5 :(
The extension doesn't work with current TYPO3 versions out of the box.
However, with a minimal code modification you can get it to work (it's
just a redirect you have to adjust).
However, I have to mention that this extension has a major weakness. At
the time it requires the user to change his password, he is already
logged in and can easily circumvent the password change by just
manually navigating to the BE. He will be asked to change the password
again next time he logs in but will always be able to use the same
trick again. So, the nuisance factor is the only thing that enforces a
new password.
I've been working on a new extension which solves this problem more
elegantly and without the weakness described above. That requires
patching the core and so far my core patch is still under heavy
development and only works properly with rsaauth. I hope to be able to
release a version which works for the usual "superchallenged"
authentication as well and will then also submit my core patch for
review.
If you want to have a preview version of what I have now, please
contact me privately and I'll send you the T3X.
Cheers,
Christian
More information about the TYPO3-english
mailing list