[TYPO3-english] Using saltedpassword/sr_feuser_register correctly
gencha
kinggencha at googlemail.com
Thu Sep 1 15:56:29 CEST 2011
On 2011-09-01 15:46, Jigal van Hemert wrote:
> Hi,
>
> On 1-9-2011 14:27, Oliver Salzburg wrote:
>> Now when I change my password in the frontend, it will be stored in
>> plain-text again.
>>
>> What am I missing?
>
> I don't think you are missing anything. I think that sr_feuser_register
> is missing support for saltedpasswords.
>
> In tx_felogin_pi1::changePassword() you can see that a hook is used to
> change the password into a salted hash before storing it.
> sr_feuser_register could use the same hook.
>
> After you changed your password it will be changed to a salted hash upon
> your next login.
>
How disappointing. I don't think it's acceptable to store/transfer
plaintext passwords at any time for whatever duration. I'll see what
alternatives to sr_feuser_register there are.
Any recommendations?
Thanks so far