[TYPO3-project-4-3] t3sec_saltedpw as sysext?
Martin Kutschker
masi-no at spam-typo3.org
Tue Apr 28 09:58:04 CEST 2009
Michael Stucki schrieb:
> Hi Masi,
>
>> It's ok for me if folks have to change the password, but only if they
>> have to do it themselves on login. Not all accounts have email addresses
>> so password resetting via email is IMHO not a valid upgrade method.
>
> t3sec_saltedpw contains a hook that converts the passwords on-the-fly
> after a user has successfully logged in.
Nice.
>> PS: If we can have salted hash, then md5 is obsolete.
>
> It can still be provided as an alternative.
Yes, of course, no problem with that. But who would use md5 when he can
have a salted password (and some way to protect the password
transmission)? NEWS.txt should encourage to upgrade.
Masi
More information about the TYPO3-project-4-3
mailing list