[TYPO3-dev] Services architecture
Helmut Hummel
helmut.hummel at typo3.org
Thu Mar 24 09:18:34 CET 2011
Hi Christian,
On 24.03.11 07:06, Christian Lerrahn (Cerebrum) wrote:
> Now, I was rather puzzled (and to be honest a bit shocked) when I found
> out that rsaauth calls the basic authentication services again instead
> of just exiting to pass the decrypted password down the chain. This
> gets even worse when saltedpasswords duplicates rsaauth code to decrypt
> the password before it checks it against the stored password hash.
I totally agree with you, that this is a hack. Feel free to come up with
a better working solution for TYPO3 4.6. I would highly appreciate that.
Kind regards,
Helmut
--
Helmut Hummel
TYPO3 Security Team Leader
TYPO3 .... inspiring people to share!
Get involved: typo3.org
More information about the TYPO3-dev
mailing list