[TYPO3-core] Re: Re: Re: RFC#13662: Bug: rsaauth doesn't work with special characters (like ä ü ö § ) in password
Marcus Krause
marcus#exp2010 at t3sec.info
Fri Aug 13 09:27:03 CEST 2010
Helmut Hummel schrieb am 08/13/2010 08:53 AM Uhr:
> Hi Steffen,
>
> On 12.08.10 23:40, Steffen Gebert wrote:
>> Attached is a tiny patch, which adds devlog entries while changing the
>> PW and login (only works with the salted MD5 method) and helps you
>> debugging this issue.
>
> Logging the md5 of the plaintext password contradicts the sense of
> salted password storage, because the password would be stored (somewhere
> the log goes into) in a much more insecure way.
I stumbled over this for exact the same reasons. However, I assumed it
is not intended to commit but for testing this issue only. (It
introduces devlog stuff for one salting method only.)
Marcus.
--
Member TYPO3 Security Team
Blog on TYPO3 Security: http://secure.t3sec.info/blog/
More information about the TYPO3-team-core
mailing list