[TYPO3-v4] Enabling saltedpasswords and rsaauth by default

Helmut Hummel helmut.hummel at typo3.org
Sat Jul 23 14:01:48 CEST 2011


Hi Dmitry,

On 23.07.11 10:13, Dmitry Dulepov wrote:

> Helmut Hummel wrote:
>> I talked to Xavier at the T3CTM and he was fine enabling saltedpasswords
>> and rsaauth by default before feature freeze of 4.6. and implementing
>> checks if both are working properly until the final release.
>
> This should happen for *new* installations only.

This is the case, until someone writes an upgrade wizard, because 
enabling happens in the 123 mode of the install tool.

Do you think that enabling rsaauth/ saltedpasswords in an upgrade wizard 
is a bad idea? If so, why?

Kind regards,
Helmut

-- 
Helmut Hummel
TYPO3 Security Team Leader, TYPO3 v4 Core Team Member

TYPO3 .... inspiring people to share!
Get involved: typo3.org


More information about the TYPO3-project-v4 mailing list