Feature #50613: Use salted Install Tool password - Core - TYPO3 Forge

Core Indexed Search Linkvalidator Release Cycles Team Resources Workspaces & Versioning TYPO3 CMS Usability Team Community Extensions Distributions Feature-Requests TYPO3 6.2 Projects (+)(Archived Projects)

Feature #50613

Task #49162: Rewrite install tool

Use salted Install Tool password

Added by Nicole Cordes about 2 years ago. Updated almost 2 years ago.

Status:

Resolved

Start date:

2013-08-01

Priority:

Should have

Due date:

Assigned To:

Nicole Cordes

% Done:

100%

Category:

Install Tool

Spent time:

Target version:

6.2.0

PHP Version:

Sprint Focus:

Complexity:

Description

To enhanced the security change Install Tool password from md5 hash to salted.

Related issues

Associated revisions

Revision d1199a88
Added by Nicole Cordes almost 2 years ago

[FEATURE] Use salted Install Tool password

To enhanced the security this patch changes the Install Tool password
from md5 hash to a salted hashed password. Therefore the default
password in the FactoryConfiguration.php is changed. Old md5 hashes get
converted automatically during the boot process of the Install Tool. The
output of the calculated hash is reintroduced when an error occured.
The report modules were adjusted to be able to check salted hashed
passwords.

Resolves: #50613
Releases: 6.2
Change-Id: If02a43780c9c819ebd6da7cbf0acad305f805330
Reviewed-on: https://review.typo3.org/22739
Reviewed-by: Kai Ole Hartwig
Tested-by: Kai Ole Hartwig
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn

History

#1 Updated by Gerrit Code Review about 2 years ago

Status changed from Accepted to Under Review

Patch set 1 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/22739

#2 Updated by Christian Kuhn almost 2 years ago

Parent task set to #49162

#3 Updated by Gerrit Code Review almost 2 years ago

Patch set 2 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/22739

#4 Updated by Gerrit Code Review almost 2 years ago

Patch set 3 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/22739

#5 Updated by Nicole Cordes almost 2 years ago

Status changed from Under Review to Resolved
% Done changed from 0 to 100

Applied in changeset d1199a8880f6cf83371e120a1b82dc46d6b9a9bf.

#6 Updated by Gerrit Code Review almost 2 years ago

Status changed from Resolved to Under Review

Patch set 1 for branch master_new has been pushed to the review server.
It is available at https://review.typo3.org/23416

#7 Updated by Nicole Cordes almost 2 years ago

Status changed from Under Review to Resolved

Already merged.

Also available in: Atom PDF

	related to Core - Feature #22245: Secure Install Tool Login	Resolved	2010-03-06
	related to Core - Feature #21423: Install Tool Password gets transmitted plain text	Rejected	2009-11-02

Core

Issues

Custom queries