[TYPO3-v4] Enabling saltedpasswords and rsaauth by default
Helmut Hummel
helmut.hummel at typo3.org
Sat Jul 23 14:01:48 CEST 2011
Hi Dmitry,
On 23.07.11 10:13, Dmitry Dulepov wrote:
> Helmut Hummel wrote:
>> I talked to Xavier at the T3CTM and he was fine enabling saltedpasswords
>> and rsaauth by default before feature freeze of 4.6. and implementing
>> checks if both are working properly until the final release.
>
> This should happen for *new* installations only.
This is the case, until someone writes an upgrade wizard, because
enabling happens in the 123 mode of the install tool.
Do you think that enabling rsaauth/ saltedpasswords in an upgrade wizard
is a bad idea? If so, why?
Kind regards,
Helmut
--
Helmut Hummel
TYPO3 Security Team Leader, TYPO3 v4 Core Team Member
TYPO3 .... inspiring people to share!
Get involved: typo3.org
More information about the TYPO3-project-v4
mailing list