[TYPO3-dev] Services architecture
Dmitry Dulepov
dmitry.dulepov at gmail.com
Thu Mar 24 11:40:15 CET 2011
Hi!
Steffen Ritter wrote:
> As already pointed out I see no difference if you inject some code just
> reading a variable, or calling some more lines and decrypting it with
> rsaauth itself
If I remember correctly, you cannot get the password from rsaauth, there is
no such API or function. It is possible to imitate rsaauth by copy/paste
code but that it is the problem of open source code. And it is more difficult.
Reading a variable is easier, it is one line. Easier to read – easier to
create. Only government hackers do complex break-ins. Individuals usually
try something simple and switch to another site (unless they were paid to
break into exactly this site).
--
Dmitry Dulepov
TYPO3 core&security team member
E-mail: dmitry.dulepov at typo3.org
Web: http://dmitry-dulepov.com/
More information about the TYPO3-dev
mailing list