[TYPO3-core] RFC #14307: fe_user passwords are visible in the info popup window in the backend
Xavier Perseguers
typo3 at perseguers.ch
Wed May 5 13:10:28 CEST 2010
Hi,
> Steffen Kamper wrote:
>> ok, you did this, sry. But why random? I simplified and show always
>> '******'
>
> Because the amount can potentially lead the "bad admin" on the way of
> what the password could be, especially if he has some kind of idea
> already. Doing it randomly keeps him clueless and is the most secure way :)
>
> Trust me on this one ;)
How can a fixed-length string of 6 asterisks disclose any information about the real password? Don't understand why I'd trust you on this ;-)
--
Xavier Perseguers
http://xavier.perseguers.ch/en
More information about the TYPO3-team-core
mailing list