[TYPO3-core] RFC #13754: Secure Install Tool Login
Sigfried Arnold
s.arnold at rebell.at
Wed Mar 10 10:53:26 CET 2010
On 06.03.2010 21:22, Steffen Ritter wrote:
> Bernhard Kraft wrote:
> To me it's not possible to do such things for install tool... it's
> disabled by default, only enabled when really needed and most times
> furthermore just has some pseudo-password.
And the pseudo password of course should be some irrational sequence you
can't remember. If you really want to log in, you can look it up
quickly. Then it does not matter if the install tool password is a
weak password like 'g61xa781' or a strong one, like
'N MzRS5{NRJ/!s-^wlaT&)N}Be1;+R(ZT|Ei*,+ggVo6]}LV}R:i*%iopHNjIL&2'
If everybody uses the install tool properly, there is no need for salting
the password.
But the past showed that even Wolfgang Schäuble's install tool password was a
simple string "gewinner" which everybody could quickly look up in a
rainbow table.
http://www.heise.de/newsticker/meldung/Website-von-Wolfgang-Schaeuble-ueber-Typo3-Luecke-gehackt-Update-194363.html
regards
Sigfried Arnold