[TYPO3-english] Salted hashes and security

Victor Livakovsky v-tyok at mail.ru
Fri Dec 16 01:03:32 CET 2011


Hi, List.

I just started using TYPO3 4.6, where 'rsaauth' and 'saltedpasswords' 
extensions are installed from very beginning. That's nice and good for 
security. But I can't understand, why system report claims, that website is 
insecure, when I set "BE.forceSalted" and unset "BE.updatePasswd"? Yes, I 
know, that user, created by Install Tool will no longer be able to log in 
with this configuration - but this only increases security, since, even if 
someone gets access to Install Tool, he still will not be able to get to BE.
Or I don't understand something? 



More information about the TYPO3-english mailing list