[TYPO3-core] FYI48: Fix bug #13410: saltedpasswords is not used if loginSecurityLevel is empty

Marcus Krause marcus#exp2010 at t3sec.info
Wed Feb 3 13:58:54 CET 2010


Am 03.02.2010 13:16, schrieb Oliver Hader:
> This is an SVN patch request that will be committed to SVN after 48
> hours if nobody objects.
> Solution:
> Use 'normal' as security level in saltedpasswords if the accordant
> TYPO3_CONF_VARS setting is empty.

Sorry, Olly. I don't think it's the right way.

Throughout the Core, it's not consistent, what a empty value means.

@see t3lib/class.t3lib_beuserauth.php l:152
* empty value = superchallenged

@see t3lib/class.t3lib_userauth.php l:205
* empty value = normal

@see t3lib/class.t3lib_userauth.php l:135,1098
* empty value = normal

@see t3lib/config_default.php l:213
* empty value = superchallenged (default)???

@see typo3/sysext/sv/class.tx_sv_loginformhook.php l:49,64
* anything else than challenged,superchallenged,normal = UNKNOWN level

@see typo3/backend.php l:346,349
* empty value = superchallenged

@see typo3/index.php l:110,143
* empty value = superchallenged


What a mess. ;-)


Marcus.


More information about the TYPO3-team-core mailing list