Task #70214

closed

rsaauth should not send hashed password hash to formengine

Added by Markus Klein over 8 years ago. Updated over 8 years ago.

Status: Closed
Priority: Should have
Assignee:
Category: -
Target version: -
Start date: 2015-09-30
Due date:
% Done: 0%
Estimated time:
TYPO3 Version: 7
PHP Version:
Tags:
Complexity:
Sprint Focus:

Description

Currently, the hashed password is transmitted to the browser when a beuser is edited.
This is necessary, as otherwise the current password would be overwritten.

In my opinion it is a bad practice to send (even a hashed) password around. Data should only flow in one direction, from the browser to the server.


Related issues: 1 (1 open, 0 closed)

Is duplicate of TYPO3 Core - Task #59233: Do not transfer content of fields with eval=password (Accepted, 2014-05-30)

#1

Updated by Martin Kutschker over 8 years ago

Yes, password equivalents should not be transmitted (insecurely) without a good reason.

#2

Updated by Helmut Hummel over 8 years ago

  • Status changed from New to Closed

closed as duplicate

#3

Updated by Helmut Hummel over 8 years ago

  • Project changed from 1716 to TYPO3 Core

can safely be handled in public tracker
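
An added example, not part of the ticket and not TYPO3's own code: one way to keep the stored hash out of the edit form without overwriting it on save is to render password fields empty and treat an empty submission as "unchanged". The function names, the `PASSWORD_FIELDS` constant and the sample row are hypothetical, written in plain PHP.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers in plain PHP; this is not TYPO3's FormEngine code.
const PASSWORD_FIELDS = ['password'];

/** Values rendered into the edit form: password-type fields always leave the server empty. */
function buildFormValues(array $row): array
{
    foreach (PASSWORD_FIELDS as $field) {
        if (array_key_exists($field, $row)) {
            $row[$field] = '';
        }
    }
    return $row;
}

/** Merge a submitted form into the stored row; an empty password means "keep the current one". */
function applySubmission(array $stored, array $submitted): array
{
    foreach ($submitted as $field => $value) {
        if ($field === 'uid' || !array_key_exists($field, $stored)) {
            continue; // never accept the key or unknown columns from the client
        }
        if (in_array($field, PASSWORD_FIELDS, true)) {
            if ((string)$value === '') {
                continue; // field left blank: stored hash stays untouched
            }
            $value = password_hash((string)$value, PASSWORD_DEFAULT);
        }
        $stored[$field] = $value;
    }
    return $stored;
}

// Constructed sample record standing in for a backend user row.
$user = ['uid' => 1, 'username' => 'editor', 'password' => password_hash('old-secret', PASSWORD_DEFAULT)];

// Check 1: the form data sent to the browser carries no hash.
$form = buildFormValues($user);
var_dump($form['password'] === '');

// Check 2: submitting the form with only the username changed keeps the stored hash.
$saved = applySubmission($user, array_merge($form, ['username' => 'editor2']));
var_dump($saved['password'] === $user['password']);

// Check 3: a typed password is the only thing that replaces the stored hash.
$saved = applySubmission($saved, array_merge(buildFormValues($saved), ['password' => 'new-secret']));
var_dump(password_verify('new-secret', $saved['password']));
```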
