[TYPO3-english] TYPO3.ORG hacked
Andreas Becker
ab.becker at web.de
Sun Nov 16 02:38:18 CET 2008
Hi
Why don't you simply integrate the complete password stuf into the core -
backend as well as frontend.
If a user has forgotten his problem this isn't a problem at all - simply as
standard he gets a random generated one and can change it later if he wants
to.
Simply make the highest standards of security the TYPO3 standard and don't
ask if someone wants a less secure one. If they want to change it to
unsecure it will be their fault if they get hacked and not the one of an
insecure TYPO3.
Big Plus in this approach would also be that all this hick hack with
connecting a backend user with a frontend user could be integrated in core
to and working simply by default. Check out eZ-Publish how they do it. You
install the site and you have a secure login and much much more automatic
installed which improves security beside the fact that when you install an
eZ-Publish or eZ-Flow you already have a working site and can start simply
with inserting content ;-)
Same is to Silverstripe, Magento, CMSMS and many more high class CMS. They
simply try to provide the highest standard in password and login security
just from scratch when you start installing your site - WHY NOT TYPO3?
Andi
2008/11/15 Xavier Perseguers <typo3 at perseguers.ch>
> Hi!
>
> > Daniel Pšötzinger wrote:
> >> I just remeber the reoccuring discussions in the dev list where people
> >> didnt like the nonhashed passwords in the fe_user table :-)
> >
> > If I understand correctly, it exists to allow "remind password"
> > function. Though generating a new password will be an option too.
>
> Certainly but to be honest, I don't like websites who send me my actual
> password as reminder, I highly prefer to get a new one as it implies
> that they did not store it in clear text. This is quite dumb but I'm
> more confident to have "personal" data there.
>
> --
> Xavier Perseguers
> http://xavier.perseguers.ch/en
> _______________________________________________
> TYPO3-english mailing list
> TYPO3-english at lists.netfielders.de
> http://lists.netfielders.de/cgi-bin/mailman/listinfo/typo3-english
>
--
Thanks a lot! Greetings from ICT Innovation Paradise Andi Blog:
http://andibecker.lisandi.com Map: http://maps.lisandi.com Album:
http://pics.lisandi.com Videos: http://video.lisandi.com Projects:
http://www.t3log.info T3Pack - TYPO3 Development, TEAM 3 - Eternal
Project Management LisAndi Co. Ltd. - The future is within us! POWER4 -
The empowering people!
More information about the TYPO3-english
mailing list