[Typo3-dev] [encryptionKey]

ben van 't ende [netcreators] ben at netcreators.nl
Tue May 24 16:56:13 CEST 2005


Rupert Germann wrote:
> ben van 't ende [netcreators] wrote:
> 
>>Kasper has included a new feature [encryptionKey]. A warning is shown in
>>the backend of TYPO3 3.8.0 when not activated. I am unsure of what this
>>is about despite the helptext Kasper has included in the install tool.
>>Can anyone explain what the [encryptionKey] actually is for?
> 
> 
> in this article [1] he wrote:
> ----
> Forging &cHash? 
> 
> Now, could the enemy calculate that cHash value himself? Well, only if he
> can guess the value of the $TYPO3_CONF_VARS[SYS][encryptionKey] since that
> is included both in the generation of the cHash in the URL and during
> verification. This value is supposed to be secret and since the cHash
> cannot be reverse engineered the only way to find that value is to hack the
> server or guess it. 
> ----
> 
> 
> clearer ?


YES and tHNx

ben
-- 
netcreators :: creation and innovation
www.netcreators.nl -  www.typo3.nl




More information about the TYPO3-dev mailing list