[Typo3-dev] [encryptionKey]

Rupert Germann rupi at gmx.li
Tue May 24 13:02:33 CEST 2005


ben van 't ende [netcreators] wrote:
> Kasper has included a new feature [encryptionKey]. A warning is shown in
> the backend of TYPO3 3.8.0 when not activated. I am unsure of what this
> is about despite the help text Kasper has included in the install tool.
> Can anyone explain what the [encryptionKey] actually is for?

In this article [1] he wrote:
----
Forging &cHash? 

Now, could the enemy calculate that cHash value himself? Well, only if he
can guess the value of the $TYPO3_CONF_VARS[SYS][encryptionKey] since that
is included both in the generation of the cHash in the URL and during
verification. This value is supposed to be secret and since the cHash
cannot be reverse engineered the only way to find that value is to hack the
server or guess it. 
----


Clearer?

greets
rupi


[1] http://typo3.org/development/articles/the-mysteries-of-chash/
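
The reasoning in the quoted passage, as an added example that is not part of the original post and not TYPO3's own cHash code: a keyed checksum over the URL parameters, with HMAC-SHA256 swapped in for whatever hash TYPO3 uses internally. The helper names, the parameter names and the key value are constructed for illustration.

```php
<?php
// Added illustration; not TYPO3's cHash implementation.
// Constructed sample secret standing in for $TYPO3_CONF_VARS['SYS']['encryptionKey'].
const DEMO_ENCRYPTION_KEY = 'constructed-demo-secret-not-a-real-key';

/** Canonicalise parameters so the same set always hashes identically. */
function canonical_params(array $params): string
{
    unset($params['cHash']);      // the checksum never covers itself
    ksort($params, SORT_STRING);  // parameter order in the URL must not matter
    return http_build_query($params, '', '&', PHP_QUERY_RFC3986);
}

/** Keyed checksum over the parameters (hypothetical helper). */
function make_chash(array $params, string $key): string
{
    return hash_hmac('sha256', canonical_params($params), $key);
}

/** Verify the cHash that arrived with a request (hypothetical helper). */
function verify_chash(array $params, string $key): bool
{
    if (!isset($params['cHash']) || !is_string($params['cHash'])) {
        return false;             // missing or malformed checksum
    }
    // hash_equals() compares in constant time, so timing leaks nothing.
    return hash_equals(make_chash($params, $key), $params['cHash']);
}

// Server side: build a link and attach its checksum (constructed parameters).
$link = ['id' => '42', 'uid' => '7'];
$link['cHash'] = make_chash($link, DEMO_ENCRYPTION_KEY);

// Case 1: the link exactly as the server generated it.
var_dump(verify_chash($link, DEMO_ENCRYPTION_KEY));

// Case 2: a parameter was changed but the old cHash was kept.
$tampered = $link;
$tampered['uid'] = '8';
var_dump(verify_chash($tampered, DEMO_ENCRYPTION_KEY));

// Case 3: the cHash was recomputed, but without knowing the server's key.
$recomputed = $tampered;
$recomputed['cHash'] = make_chash($tampered, 'some-other-key');
var_dump(verify_chash($recomputed, DEMO_ENCRYPTION_KEY));
```

Only the first check succeeds: a changed parameter, or a checksum recomputed with any key other than the server's, produces a value the server rejects.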



