Page 1 of 1

Wish list - Encrypted passwords for Admins by default

PostPosted: 8:50pm, Thu 11 Aug, 2011
by benmoreassynt
As far as I can see, although you can request that regular passwords are encrypted in the /config/config.php file, this does not affect admin passwords. Moreover, one admin can see another admin's password in plain text in the back end. Assuming that 99.9% of even developers use the same password for multiple sites, this is far from ideal, especially if a site is hacked.

I'd like to see passwords encrypted and salted, and a password reset/recovery system put in place for the admins.

Re: Wish list - Encrypted passwords for Admins by default

PostPosted: 7:40pm, Mon 15 Aug, 2011
by michiel
That's available in the development version. 2.11.6 is cautiously stable, but as usual development versions may have some issues on certain systems.