[TYPO3-core] RFC #14307: fe_user passwords are visible in the info popup window in the backend

Lars Houmark lars at houmark.com
Wed May 5 13:01:11 CEST 2010


Hi Steffen,

Steffen Kamper wrote:
> ok, you did this, sorry. But why random? I simplified and always show
> '******'

Because the amount can potentially lead the "bad admin" on the way of 
what the password could be, especially if he has some kind of idea 
already. Doing it randomly keeps him clueless and is the most secure way :)

Trust me on this one ;)

> +1 by reading and testing
>
> vg Steffen

Thanks, please commit my version. The overhead of doing the for loop is 
really minimal.

I suggest also doing it for 4.3 as it can be considered somehow a 
security problem.

-- 
Lars Houmark
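
The masking options discussed in this thread, as an added example that is not part of the original message or of the TYPO3 patch: it compares a one-asterisk-per-character mask with the fixed and random-length variants and checks whether the mask length follows the password length. All function names, the 4 to 12 range and the sample values are assumptions made for illustration.

```php
<?php
// Added illustration; the function names are hypothetical, not TYPO3 API.

/** One asterisk per character: the mask reveals the password length. */
function maskByLength(string $password): string
{
    return str_repeat('*', strlen($password));
}

/** Fixed mask: always six asterisks, as in the simplified variant quoted above. */
function maskFixed(string $password): string
{
    return '******';
}

/** Random mask: a for loop emits a random number of asterisks (range is assumed). */
function maskRandom(string $password, int $min = 4, int $max = 12): string
{
    $mask = '';
    $count = random_int($min, $max); // drawn independently of the password
    for ($i = 0; $i < $count; $i++) {
        $mask .= '*';
    }
    return $mask;
}

/** True if the mask length equals the input length for every sample in every round. */
function leaksLength(callable $mask, array $samples, int $rounds = 50): bool
{
    for ($r = 0; $r < $rounds; $r++) {
        foreach ($samples as $password) {
            if (strlen($mask($password)) !== strlen($password)) {
                return false;
            }
        }
    }
    return true;
}

// Constructed sample values of different lengths (3, 7 and 21 characters).
$samples = ['abc', 'hunter2', 'correct horse battery'];
foreach (['maskByLength', 'maskFixed', 'maskRandom'] as $fn) {
    printf("%-13s leaks length: %s\n", $fn, leaksLength($fn, $samples) ? 'yes' : 'no');
}
```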