[TYPO3-project-4-3] saltedpasswords for v4.3
Benjamin Mack
benni at typo3.org
Thu Jun 18 10:36:41 CEST 2009
Hey Steffen,
that sounds very promising. Let's get this one in 4.3! I'm glad there
are so many security improvements going.
One thing though: It might be very helpful with all these modifications
in the backend and frontend of TYPO3 to have a documentation, a chart or
something like that to show what security measurements we have right
now. I mean, if a TYPo3 admin (does not have to be a security geek)
reads this:
* openID support
* RSA authentication for FE and BE (optional, needs dependencies)
* Salted passwords
* MD5-hashed passwords
The admin doesn't know
a) what the benefits are
b) how to enable these features
c) what the implications for each change are in terms of his FE Login
template or his "lost password" feature in there, his LDAP BE User, his
passwords etc.
So, I'm thinking of a cool document like "How to use these cool new
security features in 4.3" so people know what to do with it.
All the best,
Benni.
More information about the TYPO3-project-4-3
mailing list