[TYPO3-core] RFC #14307: fe_user passwords are visible in the info popup window in the backend
Steffen Kamper
info at sk-typo3.de
Wed May 5 16:01:58 CEST 2010
Hi,
FYI: committed Lars version of the patch except changing chr(42) to '*'
for better code readability
Committed to svn
4_3 rev 7535
trunk rev 7536
I even don't get the need of the random, as if an evil sees all
passwords are 6char '*' he also knows that it's not related to the real
length, and as its OS he could look to source to find out. But maybe you
have to be in sec. team to understand this completely :)
However, random doesn't hurt.
vg Steffen
More information about the TYPO3-team-core
mailing list