[TYPO3-core] FYI48: Fix bug #13410: saltedpasswords is not used if loginSecurityLevel is empty
Marcus Krause
marcus#exp2010 at t3sec.info
Wed Feb 3 13:58:54 CET 2010
On 03.02.2010 13:16, Oliver Hader wrote:
> This is an SVN patch request that will be committed to SVN after 48
> hours if nobody objects.
> Solution:
> Use 'normal' as security level in saltedpasswords if the accordant
> TYPO3_CONF_VARS setting is empty.
Sorry, Olly. I don't think it's the right way.
Throughout the Core, it's not consistent what an empty value means.
@see t3lib/class.t3lib_beuserauth.php l:152
* empty value = superchallenged
@see t3lib/class.t3lib_userauth.php l:205
* empty value = normal
@see t3lib/class.t3lib_userauth.php l:135,1098
* empty value = normal
@see t3lib/config_default.php l:213
* empty value = superchallenged (default)???
@see typo3/sysext/sv/class.tx_sv_loginformhook.php l:49,64
* anything other than challenged, superchallenged, normal = UNKNOWN level
@see typo3/backend.php l:346,349
* empty value = superchallenged
@see typo3/index.php l:110,143
* empty value = superchallenged
What a mess. ;-)
Marcus.