[TYPO3-core] RFC #14307: fe_user passwords are visible in the info popup window in the backend
Jörg Klein
joerg at klein-family.com
Wed May 5 13:19:34 CEST 2010
Hi Lars,
"Lars Houmark" <lars at houmark.com> schrieb im Newsbeitrag
news:mailman.1.1273009862.25563.typo3-team-core at lists.typo3.org...
>
> Problem: The FE user passwords are still shown in the info popup window
> in the list module (and page module).
>
> Solution: Attached patch will hide the password by changing it to a
> random number (between 5-12 chars) of asterisk (*).
one question: What is the benefit of having a random number of asterisks
there?
Sure, it is more secure than now, but not showing this field at all would at
least be same secure, wouldn't it?
That would also be in line with the solutions in the page module (issue
9798) and in the install tool (issue 10993), where we also don't show
asterisks.
I don't see, for what reason you want to display random information, which
is not useable for anything...
Hide password fields and everything is fine.
Just my 2 cents.
Jörg
More information about the TYPO3-team-core
mailing list