Project

General

Profile

Actions
Copy link

Feature #51479

closed

Show somehow which user passwords are treatend as unsecure.

Added by Kay Strobach over 10 years ago. Updated about 4 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
Reports
Target version:
-
Start date:
2013-08-28
Due date:
% Done:

0%

Estimated time:
PHP Version:
Tags:
Complexity:
easy
Sprint Focus:

Description

Show somehow which user passwords are treatend as unsecure.
-> it's hard to figure out, which passwords are the problem :D

Related issues 2 (0 open2 closed)

Related to TYPO3 Core - Feature #80793: provide configurable password policiesClosed2017-04-10

Actions
Follows TYPO3 Core - Bug #36244: Status report shows security warning after Scheduler "Convert user passwords to salted hashes (saltedpasswords)"Closed2012-04-17

Actions
Actions
Copy link
 #1

Updated by Philipp Gampe over 10 years ago

  • Status changed from New to Needs Feedback

So you want a list of users there?

Actions
Copy link
 #2

Updated by Kay Strobach over 10 years ago

either a list of users / uid in the mail or any indication in the be_user module, that a particular users password is unsecure (in case of encryption)

Actions
Copy link
 #3

Updated by Alexander Opitz over 10 years ago

  • Category set to Backend User Interface
  • Status changed from Needs Feedback to New
Actions
Copy link
 #4

Updated by Philipp Gampe over 9 years ago

  • Complexity set to easy

Basically, the report only needs to collect the backend user names and uids of effected accounts and to display those in a nice table.

Actions
Copy link
 #5

Updated by Susanne Moog over 8 years ago

  • Category changed from Backend User Interface to Reports
Actions
Copy link
 #6

Updated by Riccardo De Contardi almost 7 years ago

  • Related to Feature #80793: provide configurable password policies added
Actions
Copy link
 #7

Updated by Benni Mack about 4 years ago

  • Status changed from New to Needs Feedback

Hey Kay,

I know this issue is very old but I need some basic input again on this.

What do you mean with insecure? I guess passwords that haven't been converted to salted passwords yet?

Actions
Copy link
 #8

Updated by Kay Strobach about 4 years ago

There was a report, which said something like, "xxx passwords are not yet converted and considered safed unsecure".

The UX Problem was, that there was no way to see, in the UI, which of the users are affected.

For v9 etc. this might be considered deprecated, and could be closed, i can not find the report in the v9 module anymore.

Actions
Copy link
 #9

Updated by Riccardo De Contardi about 4 years ago

I guess we're talking of this one:

TYPO3 8.7.32

EXT:reports/Classes/Report/Status/SecurityStatus.php, function getSaltedPasswordsStatus

The label is: EXT:reports/Resources/Private/Language/locallang_reports.xlf:status_saltedPasswords_notAllPasswordsHashed

both function and label are absent on 9.5.15 (I don't know the exact commit, it could be https://review.typo3.org/c/Packages/TYPO3.CMS/+/57885/ )

Actions
Copy link
 #10

Updated by Benni Mack about 4 years ago

  • Status changed from Needs Feedback to Closed

Thanks for the quick feedback. Closing this now!

Actions
Copy link

Also available in: Atom PDF