[TYPO3-english] Salted passwords not installed message
Philipp Gampe
philipp.gampe at typo3.org
Fri May 10 10:34:16 CEST 2013
Hi Richard,
Richard Davies wrote:
> I've checked the latest version of Typo3 and it looks like this 'issue' is
> fixed: saltedpasswords is installed at Typo3 installation. This is still
> an issue with Typo3 4.5 but I'm happy with it as it is fixed in future
> releases.
It is not a bug, it is a feature ;)
Saltedpasswords should be used for security reasons (and if you don't you
are quite vulnerable for law suits, if any damage is done due to stole
credentials).
Saltedpasswords is not activated by default because of several reasons,
including, but not exclusively, buggy systems, old installations with
upgrade problems and various single-sign-on services.
It is (as you found out) activated by default in newer installations.
This default will not change in 4.5 as this version is in security and
priority bugfixes period (thus only critical things are fixed).
I don't really consider this a bug. This is just a warning that shows you
that your installation is most likely misconfigured and that you should take
action to get proper security.
Best regards
--
Philipp Gampe – PGP-Key 0AD96065 – TYPO3 UG Bonn/Köln
Documentation – Active contributor TYPO3 CMS
TYPO3 .... inspiring people to share!
More information about the TYPO3-english
mailing list