Project

General

Profile

Actions
Copy link

Bug #32650

closed

Confusing error message in reports module, when BE.forceSalted is set

Added by Viktor Livakivskyi almost 13 years ago. Updated about 6 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
Authentication
Target version:
-
Start date:
2011-12-17
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
4.5
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

Hi.

When I set "BE.forceSalted" and unset "BE.updatePasswd" at 'saltedpasswords' extension configuration, I'm getting an error mesage in reports module:

"Backend user password hashes" - "Insecure" 
During the configuration check of saltedpasswords the following issues have 
been found:

Warnings about your configuration
SaltedPasswords might behave different than expected:

    The backend is configured to use SaltedPasswords with RSA authentication.

    SaltedPasswords has been configured to enforce salted passwords (forceSalted).
    This means that only passwords in the format of this extension will succeed for login.
    IMPORTANT: This has the effect that passwords that are set from the Install Tool will not work!

Note, that a wrong configuration might have impact on the security of your TYPO3 installation and the usability of the backend.

That is confusing, since setting this option only inreases security - not making website insecure. That should be changed to info message, that says, that users, created via Install Tool will no longer be able to login to BE.

Actions
Copy link
 #1

Updated by Gerrit Code Review almost 13 years ago

Patch set 5 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/7267

Actions
Copy link
 #2

Updated by Gerrit Code Review almost 13 years ago

Patch set 1 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/7347

Actions
Copy link
 #3

Updated by Markus Klein almost 13 years ago

Please forget about the first push. ChangeID shit happened...

Actions
Copy link
 #4

Updated by Gerrit Code Review almost 13 years ago

Patch set 2 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/7347

Actions
Copy link
 #5

Updated by Gerrit Code Review almost 13 years ago

Patch set 3 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/7347

Actions
Copy link
 #6

Updated by Gerrit Code Review almost 13 years ago

Patch set 4 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/7347

Actions
Copy link
 #7

Updated by Gerrit Code Review almost 13 years ago

Patch set 1 for branch TYPO3_4-6 has been pushed to the review server.
It is available at http://review.typo3.org/8894

Actions
Copy link
 #8

Updated by Gerrit Code Review almost 13 years ago

Patch set 1 for branch TYPO3_4-5 has been pushed to the review server.
It is available at http://review.typo3.org/8895

Actions
Copy link
 #9

Updated by Jigal van Hemert almost 13 years ago

  • Project changed from 568 to TYPO3 Core
Actions
Copy link
 #10

Updated by Jigal van Hemert almost 13 years ago

  • Category set to Authentication
  • Status changed from New to Resolved
  • % Done changed from 0 to 100
  • TYPO3 Version set to 4.5

Patches in all three branches are merged, but because it was in a different project it was not automagically Resolved.

Actions
Copy link
 #11

Updated by Benni Mack about 6 years ago

  • Status changed from Resolved to Closed
Actions
Copy link

Also available in: Atom PDF