[TYPO3-project-4-3] t3sec_saltedpw as sysext?
Michael Stucki
michael at typo3.org
Fri Apr 24 17:16:52 CEST 2009
Hi Xavier,
> I'm for integrating good extensions that allow
> encrypting/hashing/salting/... the passwords. They do not need to be
> readable.
>
> However, there's a problem with retrieving a lost password, especially
> for FE users. Please see my post on dev list ("feuser, forgot password
> and kb_md5fepw").
You should forget about this feature. It was there in TYPO3 for some
reason, but there is no other system I know of that sends you the
current password when you forgot it. Usually, the password is changed to
a random new one, and this will work fine with both authentication systems.
So what should be the default storage?
a) Plaintext (like now)
b) MD5
c) Salted Hash
1) for FE
2) for BE
RSA is left out of this voting because it affects the transmission, not
the storage of the password...
OpenID should also not become the default because it depends on external
systems...
- michael
--
Use a newsreader! Check out
http://typo3.org/community/mailing-lists/use-a-news-reader/
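
An added illustration of the storage options and the reset flow discussed in this message; it is not part of the original post and is not TYPO3 or t3sec_saltedpw code. The function names, the record format and the use of PBKDF2-HMAC-SHA256 as the salted hash are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed work factor, chosen for this example only


def store_md5(password):
    # Option b): unsalted MD5. Equal passwords always give equal records.
    return hashlib.md5(password.encode()).hexdigest()


def store_salted(password):
    # Option c): random per-user salt. PBKDF2 is this example's choice of hash.
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2${salt.hex()}${digest.hex()}"


def verify_salted(password, record):
    # Recompute with the stored salt and compare in constant time.
    _, salt_hex, digest_hex = record.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), ITERATIONS
    )
    return hmac.compare_digest(candidate.hex(), digest_hex)


def reset_password(users, username, store=store_salted):
    # Lost-password flow: nothing is read back from storage. A random new
    # password replaces the old record, so it works with any one-way scheme.
    new_password = secrets.token_urlsafe(12)
    users[username] = store(new_password)
    return new_password  # handed to the user out of band, e.g. by mail


def demo():
    # Constructed sample data: two users who picked the same password.
    users = {"alice": store_salted("summer2009"), "bob": store_salted("summer2009")}
    md5_equal = store_md5("summer2009") == store_md5("summer2009")
    salted_equal = users["alice"] == users["bob"]
    new_pw = reset_password(users, "alice")
    return (md5_equal, salted_equal,
            verify_salted(new_pw, users["alice"]),
            verify_salted("summer2009", users["alice"]))


if __name__ == "__main__":
    print(demo())
```

The same `reset_password` call works with `store=store_md5`, since the reset never needs the old password.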