Confusing error message in reports module, when BE.forceSalted is set
When I set "BE.forceSalted" and unset "BE.updatePasswd" at 'saltedpasswords' extension configuration, I'm getting an error mesage in reports module:
"Backend user password hashes" - "Insecure" During the configuration check of saltedpasswords the following issues have been found: Warnings about your configuration SaltedPasswords might behave different than expected: The backend is configured to use SaltedPasswords with RSA authentication. SaltedPasswords has been configured to enforce salted passwords (forceSalted). This means that only passwords in the format of this extension will succeed for login. IMPORTANT: This has the effect that passwords that are set from the Install Tool will not work! Note, that a wrong configuration might have impact on the security of your TYPO3 installation and the usability of the backend.
That is confusing, since setting this option only inreases security - not making website insecure. That should be changed to info message, that says, that users, created via Install Tool will no longer be able to login to BE.
Updated by Jigal van Hemert almost 12 years ago
- Category set to Authentication
- Status changed from New to Resolved
- % Done changed from 0 to 100
- TYPO3 Version set to 4.5
Patches in all three branches are merged, but because it was in a different project it was not automagically Resolved.