[TYPO3-core] RFC: #10017: [felogin] New Method for "forgotPassword"
Oliver Hader
oliver at typo3.org
Fri Dec 26 18:50:50 CET 2008
Hi Steffen,
Steffen Kamper schrieb:
> This is SVN patch request.
>
> Type: Feature
>
> Branches: trunk
>
> BT reference: http://bugs.typo3.org/view.php?id=9885
We should get rid of sending the plain-text password in general and use
something like Bernhard's MD5PW extension or even better the new salted
one. I know that there are more steps to be taken (e.g. also provide
update wizard to convert existing FE users if still plain-text method is
used). So, what do you think?
I looked into your patch for some minutes and have some remarks:
* there are the POST/GET arguments 'forgot_hash' and 'forgothash' - are
there differences?
* there's a new method changePassword(), but where is it called?
olly
--
Oliver Hader
TYPO3 4.3 Release Manager
More information about the TYPO3-team-core
mailing list