[TYPO3-core] RFC: #16360: Feature: [saltedpasswords] Provide a task for bulk update of passwords for use with saltedpasswords
Christian Kuhn
lolli at schwarzbu.ch
Fri Nov 12 10:04:24 CET 2010
On 11/12/2010 07:10 AM, Georg Ringer wrote:
> +1 on reading.
Thanks :)
> One remark:
> Instead of using 1=1 in the clause, why not using
> t3lib_BEfunc::deleteClause($table)? IMO there is no need to update
> passwords of deleted users
But it doesn't harm, too. The point is to raise the barrier for some
attacker who acquired a user table as much as possible. Maybe saved
credentials of a deleted row are still valid on some other site ...
Regards
Christian
More information about the TYPO3-team-core
mailing list