Project

General

Profile

Actions

Task #70214

closed

rsaauth should not send hashed password hash to formengine

Added by Markus Klein about 9 years ago. Updated almost 9 years ago.

Status:
Closed
Priority:
Should have
Assignee:
Category:
-
Target version:
-
Start date:
2015-09-30
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
7
PHP Version:
Tags:
Complexity:
Sprint Focus:

Description

Currently, the hashed password is transmitted to the browser, when a beuser is edited.
This is necessary, as otherwise the current password would be overwritten.

In my opinion it is a bad practice to send (even a hashed) password around. Data should only flow in one direction, from the browser to the server.


Related issues 1 (0 open1 closed)

Is duplicate of TYPO3 Core - Task #59233: Do not transfer content of fields with eval=passwordClosed2014-05-30

Actions
Actions

Also available in: Atom PDF