[TYPO3-core] RFC: Feature Request #7139: Integration of fe_users password encryption

Steffen Kamper steffen at sk-typo3.de
Mon Jan 14 21:58:36 CET 2008


"Dmitry Dulepov [typo3]" <dmitry at typo3.org> wrote in message 
news:mailman.1.1200343841.10221.typo3-team-core at lists.netfielders.de...
> Hi!
>
> Ingmar Schlecht wrote:
>> However, using the encryption key is not such a good idea, because just 
>> imagine that you accidentally change it: Then all your FE user passwords 
>> get invalid! Therefore it is better to save the salt along with the 
>> passwords.
>
> If the security key is changed, lots of things stop working. I tried once (it 
> was for 3.7.0 I think). So it is quite safe to use: everything breaks if 
> the security key is changed.
>
>> You can also store the password in the same field you store the MD5 in 
>> (the "password" field of the fe_users table), maybe separated by an "@".
>>
>> Example:
>>  a2md56fhf7zfmd5rhzfdmd5du4@some_random_salt_string_for_this_password
>
> Hm, good idea! Random string can be obtained with "uniqid('', true)".
>
> -- 

The biggest problem for me is the JS for the BE. Looking at md5.js, it's not 
an easy task.

Regards, Steffen
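
The "hash@salt" storage format proposed in the quoted discussion, next to the encryption-key alternative, as an added example that is not part of the original thread and not TYPO3 code. The function names are hypothetical, the md5(salt . password) order is an assumption (the thread does not specify it), and random_bytes() is swapped in for the suggested uniqid('', true).

```php
<?php
// Added illustration; function names are hypothetical, not TYPO3 API.

// Build the value "<md5hex>@<salt>" for the fe_users "password" field.
// Assumption: the hash is md5(salt . password); the thread fixes no order.
function makeStoredPassword(string $plain, ?string $salt = null): string
{
    // The thread suggests uniqid('', true); random_bytes() is used instead
    // because uniqid() is derived from the clock and is predictable.
    $salt = $salt ?? bin2hex(random_bytes(16));
    return md5($salt . $plain) . '@' . $salt;
}

// Verify a login attempt against a stored "<md5hex>@<salt>" value.
function checkStoredPassword(string $plain, string $stored): bool
{
    // Split at the first "@": an md5 hex digest cannot contain one.
    $parts = explode('@', $stored, 2);
    if (count($parts) !== 2 || !preg_match('/^[0-9a-f]{32}$/', $parts[0]) || $parts[1] === '') {
        return false; // legacy or malformed value is never a match
    }
    [$hash, $salt] = $parts;
    return hash_equals($hash, md5($salt . $plain)); // constant-time compare
}

// Alternative from the thread: salt with the installation-wide encryption key.
function checkWithSiteKey(string $plain, string $storedHash, string $encryptionKey): bool
{
    return hash_equals($storedHash, md5($encryptionKey . $plain));
}

// Constructed sample data below.
$stored = makeStoredPassword('correct horse');
var_dump(checkStoredPassword('correct horse', $stored));              // right password
var_dump(checkStoredPassword('wrong', $stored));                      // wrong password
var_dump(checkStoredPassword('correct horse', 'no-separator-here'));  // malformed field

// Key-based variant: the same hash checked before and after a key change.
$keyHash = md5('old-site-key' . 'correct horse');
var_dump(checkWithSiteKey('correct horse', $keyHash, 'old-site-key'));
var_dump(checkWithSiteKey('correct horse', $keyHash, 'new-site-key'));
```

Because each record carries its own salt, verification depends only on the stored field, whereas the key-based variant depends on a value held outside the fe_users table.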



