Reputation: 565
Is it safe to create a backend user with an empty password?
For example the _cli_lowlevel backend user or a backend user editor-test, which I only use for testing purposes via the "Switch to user" feature.
Upvotes: 0
Views: 687
Reputation: 10790
Usually a cli_* user should have no rights to access anything in the BE (non-admin user, with no mount points). It is used to execute TYPO3 from the command line. If anyone can get access to a shell, he can execute commands more dangerous than a simple BE access, e.g. he can open access to the install tool and create an admin user, or use mysql-cli to set passwords for any given user.
Normally you cannot create BE users without a password, as the form for BE users requires a non-empty password field. As you probably use salted and hashed passwords, even a simple password cannot be decrypted (so a brute-force attack may find the password quickly). So the best way would be a long random password which you might forget the next moment.
Upvotes: 3
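An added example, not part of the question or the answer above: an audit that flags the two conditions discussed in this thread, backend users with an empty password and _cli_ users that are admin or have mount points. It runs against a constructed in-memory SQLite copy of be_users; the column names (uid, username, password, admin, db_mountpoints, file_mountpoints, disable, deleted) are assumed to match your TYPO3 version's schema, and the function names are hypothetical.

```python
import sqlite3

# Constructed sample rows for illustration only. Column layout is an assumption:
# uid, username, password, admin, db_mountpoints, file_mountpoints, disable, deleted
SAMPLE_USERS = [
    (1, "admin", "constructed-hash-placeholder", 1, "", "", 0, 0),
    (2, "_cli_lowlevel", "", 0, "", "", 0, 0),
    (3, "_cli_scheduler", "constructed-hash-placeholder", 1, "1", "", 0, 0),
    (4, "editor-test", "", 0, "12", "3", 0, 0),
    (5, "old-editor", "", 0, "", "", 0, 1),  # soft-deleted, must be ignored
]


def build_db(rows):
    """Create an in-memory stand-in for the be_users table."""
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE be_users (uid INTEGER PRIMARY KEY, username TEXT, "
        "password TEXT, admin INTEGER, db_mountpoints TEXT, "
        "file_mountpoints TEXT, disable INTEGER, deleted INTEGER)"
    )
    con.executemany("INSERT INTO be_users VALUES (?,?,?,?,?,?,?,?)", rows)
    return con


def audit(con):
    """Return (uid, username, finding) tuples for active backend users."""
    findings = []
    cur = con.execute(
        "SELECT uid, username, password, admin, db_mountpoints, file_mountpoints "
        "FROM be_users WHERE deleted = 0 AND disable = 0 ORDER BY uid"
    )
    for uid, name, password, admin, db_mounts, file_mounts in cur:
        # An empty or whitespace-only password field is reported for any user.
        if not (password or "").strip():
            findings.append((uid, name, "empty password"))
        # CLI users should be non-admin and have no mount points.
        if name.startswith("_cli_"):
            if admin:
                findings.append((uid, name, "cli user is admin"))
            if (db_mounts or "").strip() or (file_mounts or "").strip():
                findings.append((uid, name, "cli user has mount points"))
    return findings


if __name__ == "__main__":
    for finding in audit(build_db(SAMPLE_USERS)):
        print(finding)
```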