[TYPO3-project-4-3] t3sec_saltedpw as sysext?
Martin Kutschker
masi-no at spam-typo3.org
Tue Apr 28 14:26:41 CEST 2009
Michael Stucki schrieb:
> Hi Masi,
>
> Martin Kutschker schrieb:
>> Michael Stucki schrieb:
>>> So what should be the default storage?
>>> a) Plaintext (like now)
>>> b) MD5
>>> c) Salted Hash
>>>
>>> 1) for FE
>>
>> Do we need JS for a) and b)? Or can I use SSL with a plain text password
>> transmission? Anyway, if I had to choose between b) and c) I'd choose c).
>
> We need JS for MD5 and salted hash. In case of a challenge-response
> authentication, even plaintext will require JS on the client side.
So a site owner has to decide if requiring JS is ok for him. I don't know...
Using plaintext is IMHO a business decision (do I want to be able to see
my users passwords).
Masi
More information about the TYPO3-project-4-3
mailing list