[TYPO3-core] RFC #14307: fe_user passwords are visible in the info popup window in the backend
Jigal van Hemert
jigal at xs4all.nl
Wed May 5 18:15:44 CEST 2010
Lars Houmark wrote:
> Solution: Attached patch will hide the password by changing it to a
> random number (between 5-12 chars) of asterisk (*).
And the simplest solution:
$l = str_repeat('*', rand(5, 12));
+1 by reading
(I don't see any information disclosure in using a fixed length string,
but it's not worth fighting over either :-) )
--
Jigal van Hemert
skype:jigal.van.hemert
msn: jigal at xs4all.nl
http://twitter.com/jigalvh
More information about the TYPO3-team-core
mailing list