Actions
Bug #32650
closed
Confusing error message in reports module, when BE.forceSalted is set
Status:
Closed
Priority:
Should have
Assignee:
-
Category:
Authentication
Target version:
-
Start date:
2011-12-17
Due date:
% Done:
100%
Estimated time:
TYPO3 Version:
4.5
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:
Description
Hi.
When I set "BE.forceSalted" and unset "BE.updatePasswd" at 'saltedpasswords' extension configuration, I'm getting an error mesage in reports module:
"Backend user password hashes" - "Insecure"
During the configuration check of saltedpasswords the following issues have
been found:
Warnings about your configuration
SaltedPasswords might behave different than expected:
The backend is configured to use SaltedPasswords with RSA authentication.
SaltedPasswords has been configured to enforce salted passwords (forceSalted).
This means that only passwords in the format of this extension will succeed for login.
IMPORTANT: This has the effect that passwords that are set from the Install Tool will not work!
Note, that a wrong configuration might have impact on the security of your TYPO3 installation and the usability of the backend.
That is confusing, since setting this option only inreases security - not making website insecure. That should be changed to info message, that says, that users, created via Install Tool will no longer be able to login to BE.
Updated by 
Updated by 
Updated by 
Updated by
Actions