[TYPO3-project-4-3] saltedpasswords for v4.3

Michael Stucki michael at typo3.org
Tue Aug 18 08:15:22 CEST 2009


Ingmar Schlecht wrote:
> Hi guys,
> 
> Steffen Ritter wrote:
>> In a discussion with Steffen via Skype, it turned out that
>> saltedpasswords was not activated for BE, since he does not use rsaauth.
>>
>> Marcus Krause and I once decided not to allow plain transmission of
>> BE passwords, which would be needed for saltedpasswords without RSA.
> 
> I think plain text password transmitted over the wire should be allowed,
> because that is actually still a good way when using HTTPS.

Nope. Use rsaauth for secure transmission. There is really no need to
allow plaintext transmission.

The same applies to the frontend, but there we may keep the plaintext
option for the sake of backwards compatibility. The important thing here is
that encrypted transmission is also possible (and should become the
default in future...).

- michael

-- 
Use a newsreader! Check out
http://typo3.org/community/mailing-lists/use-a-news-reader/

