[TYPO3-dev] Ajax-Encryption class [was: RFC: Bugfix #10212: Missing files in sysext install]
Steffen Kamper
info at sk-typo3.de
Wed Jan 28 20:21:35 CET 2009
Hi marcus,
Marcus Krause schrieb:
> Steffen Kamper schrieb am 01/27/2009 11:45 PM Uhr:
>> Hi,
>>
>> i see an advantage doing this with ajax - but not only for install tool.
>> I could imagine to use this for BE login also replacing the md5.js
>> (which causes local character problem anyway and isn't good for
>> maintainance), so i would prefer a generel ajax-encryption class usable
>> for other classes as well.
>>
>> What do you think?
>
> Hi,
>
> Actually I was working on something similar before the security fixes
> and regression bugs came in.
>
> I thought of a (extendable) proper webservice (Soap) for, amongst
> others, authentication.
>
> Extendable in a way that you just could register a custom function for a
> defined role (un-authenticated, user, admin) and the web service would
> gracefully publish such as service method. With PHP5 reflection this is
> pretty easy and doesn't require a developer to know any details about
> web services.
>
> There are soap client implementations in JS available and WSS (Web
> Service Security). WSS supports encryption and signature. With that we
> could implement the planned RSA authentication.
>
> The client (browser) talks to the webservice. With that in place, TYPO3
> would also support Remote Administration.
>
> What do you think? ;-)
>
i'm open for such solution. But for me SOAP is useful for "foreign" site
communication, isn't it overload to do this within BE?
If there is a general class, communication can be done with several
methods, inside BE i would prefer AJAX.
vg Steffen
More information about the TYPO3-dev
mailing list