[TYPO3-english] Salted hashes and security
Markus Klein
klein.t3 at mfc-linz.at
Fri Dec 16 01:08:52 CET 2011
Hi!
What is the exact message shown by the report?
Kind regards
Markus
> -----Original Message-----
> From: typo3-english-bounces at lists.typo3.org [mailto:typo3-english-bounces at lists.typo3.org] On Behalf Of Victor Livakovsky
> Sent: Thursday, December 15, 2011 6:04 PM
> To: typo3-english at lists.typo3.org
> Subject: [TYPO3-english] Salted hashes and security
>
> Hi, List.
>
> I just started using TYPO3 4.6, where 'rsaauth' and 'saltedpasswords'
> extensions are installed from very beginning. That's nice and good for security. But I can't understand, why system report claims, that
> website is insecure, when I set "BE.forceSalted" and unset "BE.updatePasswd"? Yes, I know, that user, created by Install Tool will no
> longer be able to log in with this configuration - but this only increases security, since, even if someone gets access to Install Tool, he
> still will not be able to get to BE.
> Or I don't understand something?
>
> _______________________________________________
> TYPO3-english mailing list
> TYPO3-english at lists.typo3.org
> http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-english
More information about the TYPO3-english
mailing list