Task #80790
closed
do not expose the password hash in install tool
0%
Description
keep the password hidden, also the hash that's exposed after using a wrong Login.
Updated by Helmut Hummel about 7 years ago
Imho we can't do much in the Install Tool
What I meant is when editing a user in the backend, the hash is exposed in a hidden input field. FormEngine should be changed in a way to not render the value of password fields,
but only generate the hidden field when the password is changed
Updated by Gerrit Code Review about 7 years ago
- Status changed from New to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/52438
Updated by Christian Kuhn about 7 years ago
- Status changed from Under Review to Rejected
We do need the output of the hash generated from the user input - that's a way to manually recover a closed install tool, by manually putting that value into LocalConfiguration.
The valid issue mentioned by Helmut should be done in a new issue that does not mix the backend password display up with the install tool password.