[TYPO3-core] RFC: Feature Request #7139: Integration of fe_users password encryption
Dmitry Dulepov [typo3]
dmitry at typo3.org
Mon Jan 14 21:50:40 CET 2008
Hi!
Ingmar Schlecht wrote:
> However, using the encryption key is not such a good idea, because just
> imagine that you accidentally change it: Then all your FE user passwords
> get invalid! Therefore it is better to save the salt along with the
> passwords.
If the security key is changed, lots of things stop working. I tried once (it was for 3.7.0 I think). So it is quite safe to use: everything breaks if the security key is changed.
> You can also store the password in the same field you store the MD5 in
> (the "password" field of the fe_users table), maybe separated by an "@".
>
> Example:
> a2md56fhf7zfmd5rhzfdmd5du4@some_random_salt_string_for_this_password
Hm, good idea! Random string can be obtained with "uniqid('', true)".
--
Dmitry Dulepov
TYPO3 core team
Web: http://typo3bloke.net/
Skype: callto:liels_bugs
"Nothing is impossible. There are only limits to our knowledge"
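
The "hash@salt" field layout discussed in this message, as an added example that is not part of the original post and not TYPO3 code. Assumptions: the function names are hypothetical, the hash is computed as md5(salt . password), and the salt comes from random_bytes() rather than uniqid(), whose output is derived from the current time; MD5 is kept only because it is the scheme in the thread.

```php
<?php
// Added example: the "md5@salt" layout for the fe_users "password" field.
// Assumed (not from the thread): function names, md5(salt . password)
// ordering, and random_bytes() as the salt source.

function makePasswordField(string $password): string
{
    // Per-password salt stored next to the hash, so verification does not
    // depend on a site-wide key that might change.
    $salt = bin2hex(random_bytes(16));
    return md5($salt . $password) . '@' . $salt;
}

function parsePasswordField(string $field): ?array
{
    // Split at the first "@": hex hash on the left, salt on the right.
    $parts = explode('@', $field, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$hash, $salt] = $parts;
    // Accept only a 32-character hex MD5 followed by a non-empty salt.
    if (!preg_match('/^[0-9a-f]{32}$/', $hash) || $salt === '') {
        return null;
    }
    return ['hash' => $hash, 'salt' => $salt];
}

function verifyPassword(string $password, string $field): bool
{
    $parsed = parsePasswordField($field);
    if ($parsed === null) {
        return false; // a malformed field never authenticates
    }
    // hash_equals() compares in constant time.
    return hash_equals($parsed['hash'], md5($parsed['salt'] . $password));
}

// Constructed sample data.
$field = makePasswordField('correct horse');
var_dump(verifyPassword('correct horse', $field));
var_dump(verifyPassword('wrong', $field));
var_dump(verifyPassword('x', 'no-separator-here'));
// The same password stored twice gets two different salts and field values.
var_dump(makePasswordField('correct horse') === $field);
```

PHP's password_hash() and password_verify() follow the same storage idea: the salt is embedded in the stored string, so no separate key or column is needed.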