[TYPO3-core] Feature request: Remove password from content of notification emails

Andreas Otto andreas.otto at dkd.de
Fri May 18 10:21:31 CEST 2007


Hi Dmitry,

Dmitry Dulepov wrote:
> At least it is harder and requires computation power because you cannot
> guess even password length. As the last resort we can say that "last 10
> md5 digits were...", etc

Changed in trunk:

If TYPO3 is configured to send a notification email about install tool
logins this email discloses the used password if the login fails. Since
this behaviour might not be wanted only the last 5 characters of the md5
hash of the used password are disclosed.


Cheers,
Andreas


More information about the TYPO3-team-core mailing list