[TYPO3-english] Do I still need kb_md5fepw with TYPO3 4.2.6?
Christopher
christopher at temporaryforwarding.com
Sat Feb 21 18:37:41 CET 2009
Hi guys!
"Christopher" schrieb:
> With your answers: kb_md5fepw seems to be at least a good choice for me.
>
> One more thing:
> I now also had the time to have a look at t3sec_saltedpw which
> additionally uses a salt (which should be even more secure).
> The extension always sends the passwords to the server in clear text.
>
> Does kb_md5fepw do the same?
just to have the info here: No, kb_md5fepw transmits the password in an
encrypted way.
>
> Will this be a security risk?
If there is no SSL consider man in the middle-attacks.
> So the final question is: Which of these two extensions would be the
> better choice?
For my problem kb_md5fepw is better.
The additional security which t3sec_saltedpw offers is helpfull, if a
malicious user already has access to the database. He then can read out the
passwords, but they are encrypted in a way which makes reusing them really
hard.
Christopher
More information about the TYPO3-english
mailing list