Bug #32650

Confusing error message in reports module, when BE.forceSalted is set

Added by Viktor Livakivskyi over 10 years ago. Updated almost 4 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
Authentication
Target version:
-
Start date:
2011-12-17
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
4.5
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

Hi.

When I set "BE.forceSalted" and unset "BE.updatePasswd" at 'saltedpasswords' extension configuration, I'm getting an error mesage in reports module:

"Backend user password hashes" - "Insecure" 
During the configuration check of saltedpasswords the following issues have 
been found:

Warnings about your configuration
SaltedPasswords might behave different than expected:

    The backend is configured to use SaltedPasswords with RSA authentication.

    SaltedPasswords has been configured to enforce salted passwords (forceSalted).
    This means that only passwords in the format of this extension will succeed for login.
    IMPORTANT: This has the effect that passwords that are set from the Install Tool will not work!

Note, that a wrong configuration might have impact on the security of your TYPO3 installation and the usability of the backend. 

That is confusing, since setting this option only inreases security - not making website insecure. That should be changed to info message, that says, that users, created via Install Tool will no longer be able to login to BE.

#1

Updated by Gerrit Code Review over 10 years ago

Patch set 5 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/7267

#2

Updated by Gerrit Code Review over 10 years ago

Patch set 1 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/7347

#3

Updated by Markus Klein over 10 years ago

Please forget about the first push. ChangeID shit happened...

#4

Updated by Gerrit Code Review over 10 years ago

Patch set 2 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/7347

#5

Updated by Gerrit Code Review over 10 years ago

Patch set 3 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/7347

#6

Updated by Gerrit Code Review over 10 years ago

Patch set 4 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/7347

#7

Updated by Gerrit Code Review over 10 years ago

Patch set 1 for branch TYPO3_4-6 has been pushed to the review server.
It is available at http://review.typo3.org/8894

#8

Updated by Gerrit Code Review over 10 years ago

Patch set 1 for branch TYPO3_4-5 has been pushed to the review server.
It is available at http://review.typo3.org/8895

#9

Updated by Jigal van Hemert over 10 years ago

  • Project changed from 568 to TYPO3 Core
#10

Updated by Jigal van Hemert over 10 years ago

  • Category set to Authentication
  • Status changed from New to Resolved
  • % Done changed from 0 to 100
  • TYPO3 Version set to 4.5

Patches in all three branches are merged, but because it was in a different project it was not automagically Resolved.

#11

Updated by Benni Mack almost 4 years ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF