[TYPO3-core] RFC #14307: fe_user passwords are visible in the info popup window in the backend
Felix Oertel
mehl at foertel.com
Wed May 5 20:52:45 CEST 2010
hey,
Am 05.05.10 20:46, schrieb Lars Houmark:
> The point is, the evil person would know he cannot trust the length, so
> it is worthless
yah, as it is with always 6 digits ;)
> (if he reloads once he will notice the change of
> length).
if he is not a retard or a 5-year-old he will know that anyway ...
besides: let the bad guy think he knows that all passowrds have 6 digits
... they don't, so why not let him hack up on that*? ;)
regards, foertel
* if i was a bad admin and I would saw random number of asterisks my
bruteforce went 6, 7, 5, 8, 9, 10, ... digits anyway
More information about the TYPO3-team-core
mailing list