Bug #32920
Bounce account password security
| Status: | Rejected | Start date: | 2012-01-02 | |
|---|---|---|---|---|
| Priority: | Should have | Due date: | ||
| Assignee: | Adrien Crivelli | % Done: | 0% |
|
| Category: | - | |||
| Target version: | 1.2.1 | |||
| Votes: | 0 |
Description
Bounce account password are displayed and stored without any protection. At least we should use "password input" and maybe find a way to crypt password (but not hash!)
History
Updated by Adrien Crivelli over 1 year ago
- Status changed from New to Accepted
- Assignee set to Adrien Crivelli
Updated by Adrien Crivelli over 1 year ago
- Status changed from Accepted to Rejected
The field is actually already using 'password' eval as described in TCA documentation. And we didn't found any way to "inject" encryption for display and storage (especially to display value).
tslib_fe::codeString() would have been a nice thing to use for encryption though...