[TYPO3-project-4-3] t3sec_saltedpw as sysext?
Martin Kutschker
masi-no at spam-typo3.org
Fri Apr 24 18:10:30 CEST 2009
Michael Stucki schrieb:
>
> So what should be the default storage?
> a) Plaintext (like now)
> b) MD5
> c) Salted Hash
>
> 1) for FE
> 2) for BE
c for both FE and BE if there is an upgrade path for existing accounts.
It's ok for me if folks have to change the password, but only if they
have to do it themselves on login. Not all accounts have email addresses
so password resetting via email is IMHO not a valid upgrade method.
Masi
PS: If we can have salted hash, then md5 is obsolete.
More information about the TYPO3-project-4-3
mailing list