[TYPO3-core] RFC #14307: fe_user passwords are visible in the info popup window in the backend

bernd wilke t3ng at pi-phi.tk
Thu May 6 00:38:17 CEST 2010


On Wed, 05 May 2010 23:43:47 +0200, Steffen Kamper wrote:

> Lars Houmark wrote:
>>> * if I was a bad admin and I would see a random number of asterisks, my
>>> bruteforce went 6, 7, 5, 8, 9, 10, ... digits anyway
>> 
>> Good luck, did you calculate the time added for doing that? ;)
>> 
>> 
> don't forget, before the commit no hacker attack was needed :)
> 

WTF are you talking about? 
It is nice that passwords are not displayed by default for everyone in BE.
But any admin(!) has several possibilities to see the passwords anyway
in less than 5 minutes.
Who needs to care whether those stars simulate different length if the
real password can be seen with just two minutes more work?
If anyone cares about the clear passwords he would install encrypted 
passwords, which means nobody can see the passwords anyway.

Let's do a flamewar about using serif or sans-serif fonts for the
password-stars!

SCNR

bernd
-- 
http://www.pi-phi.de/cheatsheet.html

