[TYPO3-dev] Security Warning
Peter Russ
peter.russ at 4many.net
Wed Feb 8 09:12:38 CET 2006
Elmar Hinz schrieb:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Arne Skjaerholt schrieb:
>> I think his point is something I've brought up as well:
>> the passwords of Typo3's frontend users are stored in plaintext in the
>> db and provided through a field in the fe_user object ($GLOBALS
>> ["TSFE" ]->fe_user->user ["password"] if memory serves me right). Some
>> (me included) consider this a security problem. I feel that any password
>> should be salted and hashed before being stored in the DB.
>>
>
> PW of FE users is another field.
>
> /el
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.1 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>
> iD8DBQFD6aOKO976RNoy/18RAmvaAJ9wRqPoRv0hSejl0YluZBWSGIZVJACgtbQV
> SLTJlgEN1+CxGsiIJ/Xwak8=
> =Vkxh
> -----END PGP SIGNATURE-----
Hi Elmar,
would you do me a favour: could you remove your PGP signature, as for
your reply 7 lines of copy extended by 1 line of new content blown up by
10 lines of signature doesn't make really any sense to me.
Thanks. Regs. Peter.
_____________________________
4Many® Services
openBC: http://www.openbc.com/go/invuid/Peter_Russ
More information about the TYPO3-dev
mailing list