[TYPO3-core] FYI48: Fix bug #13410: saltedpasswords is not used if loginSecurityLevel is empty

Marcus Krause marcus#exp2010 at t3sec.info
Wed Feb 3 14:02:54 CET 2010


Am 03.02.2010 13:42, schrieb Dmitry Dulepov:
> Hi!
> 
> On 2010-02-03 14:16:31 +0200, Oliver Hader said:
>> This is an SVN patch request that will be committed to SVN after 48
>> hours if nobody objects.
>>
>> Type: Bugfix
>>
>> Bugtracker references:
>> http://bugs.typo3.org/view.php?id=13410
>>
>> Branches: TYPO3_4-3, Trunk
>>
>> Problem:
>> If the TYPO3_CONF_VARS setting 'loginSecurityLevel' is empty, TYPO3 uses
>> the level 'normal' as default value. However, the saltedpasswords
>> extension does not consider this behaviour.
> 
> The extension warns in EM about it when installing. It says that
> loginSecurityLevel is empty but should be "normal". I guess it is by
> design: it works only when options are set to specific values.
> 
> May be Marcus can comment.

I think we're putting unnecessary too much magic in it. Like outlined by
Dmitry, the configuration check prints a warning if it's not "normal" or
"rsa". I think this is sufficient.

In addition, regarding to the "magic" you'd like to commit, see my other
mail in this thread that ends with "what a mess". ;-)

Marcus.


More information about the TYPO3-team-core mailing list