[TYPO3-project-4-3] saltedpasswords for v4.3

Benjamin Mack benni at typo3.org
Thu Jun 18 10:36:41 CEST 2009


Hey Steffen,

that sounds very promising. Let's get this one in 4.3! I'm glad there 
are so many security improvements going.

One thing though: It might be very helpful with all these modifications 
in the backend and frontend of TYPO3 to have a documentation, a chart or 
something like that to show what security measurements we have right 
now. I mean, if a TYPo3 admin (does not have to be a security geek) 
reads this:

* openID support
* RSA authentication for FE and BE (optional, needs dependencies)
* Salted passwords
* MD5-hashed passwords

The admin doesn't know
a) what the benefits are
b) how to enable these features
c) what the implications for each change are in terms of his FE Login 
template or his "lost password" feature in there, his LDAP BE User, his 
passwords etc.

So, I'm thinking of a cool document like "How to use these cool new 
security features in 4.3" so people know what to do with it.

All the best,
Benni.


More information about the TYPO3-project-4-3 mailing list