[TYPO3-project-4-3] saltedpasswords for v4.3
Oliver Hader
oliver at typo3.org
Sun Jul 19 18:28:23 CEST 2009
Hi Benni,
Benjamin Mack schrieb:
> Hey Steffen,
>
> that sounds very promising. Let's get this one in 4.3! I'm glad there
> are so many security improvements going.
>
> One thing though: It might be very helpful with all these modifications
> in the backend and frontend of TYPO3 to have a documentation, a chart or
> something like that to show what security measurements we have right
> now. I mean, if a TYPo3 admin (does not have to be a security geek)
> reads this:
>
> * openID support
> * RSA authentication for FE and BE (optional, needs dependencies)
> * Salted passwords
> * MD5-hashed passwords
>
> The admin doesn't know
> a) what the benefits are
> b) how to enable these features
> c) what the implications for each change are in terms of his FE Login
> template or his "lost password" feature in there, his LDAP BE User, his
> passwords etc.
>
> So, I'm thinking of a cool document like "How to use these cool new
> security features in 4.3" so people know what to do with it.
+1
Since it took some time for me to understand what parts the
saltedpasswords touch and what could happen, it is a requirement to have
a proper documentation on these mechanisms.
olly
--
Oliver Hader
TYPO3 Release Manager 4.3
More information about the TYPO3-project-4-3
mailing list