[TYPO3-project-4-3] saltedpasswords for v4.3
Steffen Kamper
info at sk-typo3.de
Mon Jul 20 23:05:08 CEST 2009
Hi,
Oliver Hader wrote:
> a) Stay with MD5 for creating admin users in the install tool:
>
> Since the install tool should not rely on an extension, we could stay
> with MD5 here. Additionally the admins created in the install tool are
> mostly "first admin users for the system" or "forgot password for admin
> user" scenarios. I think we can expect that these users will log into
> the backend after a short time where the password could be changed to
> salted automatically. Furthermore I don't expect that many admin users
> are created in the install tool.
> We could add a note "password is still stored as MD5 but will be changed
> when saltedpasswords is installed on first backend login".
>
I would say yes. As there is an option for autoconvert (which is enabled
by default) the salted pw will be written with login.
And this is the problem I have while testing: it's never written,
because in my case the function compareUident is never used. I looked at
the configuration of services, and there is no other service that can take
priority. Ext is installed, init is called.
Second: in the EM configuration forceSalted and updatePasswd are
selected by default, but updatePasswd doesn't work together with
forceSalted. This looks very odd to me.
Regards, Steffen
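
Added example (not part of the original message and not TYPO3 code): a small Python model of the convert-on-login idea discussed in this thread, showing how a "force salted" switch can keep an "update password" switch from ever running for an MD5-only account. The semantics of the `force_salted` and `update_passwd` parameters are assumptions made for this sketch, and PBKDF2-HMAC-SHA256 with the `$pbkdf2$` prefix is the example's own choice of salted scheme.

```python
import hashlib
import hmac
import os

PREFIX = "$pbkdf2$"   # constructed marker for the example's salted format
ROUNDS = 100_000      # constructed work factor

def legacy_md5(password):
    """Unsalted MD5 hex digest, the legacy format named in the thread."""
    return hashlib.md5(password.encode()).hexdigest()

def salted_hash(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256 (the example's choice of salted scheme)."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)
    return f"{PREFIX}{salt.hex()}${dk.hex()}"

def check_salted(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    salt_hex = stored[len(PREFIX):].split("$")[0]
    expected = salted_hash(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(expected, stored)

def login(users, name, password, force_salted, update_passwd):
    """Return True on success; may upgrade users[name] to a salted hash."""
    stored = users.get(name)
    if stored is None:
        return False
    if stored.startswith(PREFIX):
        return check_salted(password, stored)
    if force_salted:
        # Assumed semantics: legacy hashes are refused outright, so the
        # upgrade branch below is never reached for an MD5-only account.
        return False
    if not hmac.compare_digest(legacy_md5(password), stored):
        return False
    if update_passwd:
        # The plaintext is only available now, so rehash and store here.
        users[name] = salted_hash(password)
    return True
```

In this model an account holding only an MD5 hash can be upgraded only while `force_salted` is off; once it has a salted hash, turning `force_salted` on no longer locks it out.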