[TYPO3-core] FYI48: Fix bug #13410: saltedpasswords is not used if loginSecurityLevel is empty
Dmitry Dulepov
dmitry.dulepov+t3ml at gmail.com
Wed Feb 3 13:42:18 CET 2010
Hi!
On 2010-02-03 14:16:31 +0200, Oliver Hader said:
> This is an SVN patch request that will be committed to SVN after 48
> hours if nobody objects.
>
> Type: Bugfix
>
> Bugtracker references:
> http://bugs.typo3.org/view.php?id=13410
>
> Branches: TYPO3_4-3, Trunk
>
> Problem:
> If the TYPO3_CONF_VARS setting 'loginSecurityLevel' is empty, TYPO3 uses
> the level 'normal' as default value. However, the saltedpasswords
> extension does not consider this behaviour.
The extension warns in EM about it when installing. It says that
loginSecurityLevel is empty but should be "normal". I guess it is by
design: it works only when options are set to specific values.
May be Marcus can comment.
--
Dmitry Dulepov
TYPO3 expert / TYPO3 core team member / TYPO3 security team member
Read more @ http://dmitry-dulepov.com/
More information about the TYPO3-team-core
mailing list