[TYPO3-dev] Security Warning
Elmar Hinz
elmar.DOT.hinz at team.MINUS.red.DOT.net
Wed Feb 8 08:53:46 CET 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Arne Skjaerholt schrieb:
> I think his point is something I've brought up as well:
> the passwords of Typo3's frontend users are stored in plaintext in the
> db and provided through a field in the fe_user object ($GLOBALS
> ["TSFE" ]->fe_user->user ["password"] if memory serves me right). Some
> (me included) consider this a security problem. I feel that any password
> should be salted and hashed before being stored in the DB.
>
PW of FE users is another field.
/el
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFD6aOKO976RNoy/18RAmvaAJ9wRqPoRv0hSejl0YluZBWSGIZVJACgtbQV
SLTJlgEN1+CxGsiIJ/Xwak8=
=Vkxh
-----END PGP SIGNATURE-----
More information about the TYPO3-dev
mailing list