Actions
Task #70214
closedrsaauth should not send hashed password hash to formengine
Start date:
2015-09-30
Due date:
% Done:
0%
Estimated time:
TYPO3 Version:
7
PHP Version:
Tags:
Complexity:
Sprint Focus:
Description
Currently, the hashed password is transmitted to the browser, when a beuser is edited.
This is necessary, as otherwise the current password would be overwritten.
In my opinion it is a bad practice to send (even a hashed) password around. Data should only flow in one direction, from the browser to the server.
Actions