[TYPO3-dev] Services architecture
Dmitry Dulepov
dmitry.dulepov at gmail.com
Thu Mar 24 11:57:03 CET 2011
Hi!
Steffen Ritter wrote:
> is the code of saltedpasswords and all you would need...
>
> if we would use a proper chaining the first "if" part could be removed
> and we only would need the else branch.
>
> Everyone who wants to break in easily into typo3 just could copy this
> code, without needing anything about thinking.

It is easy for you and me because we have worked with TYPO3 for years :) But how
much time will the "usual" programmer need to spend to find this out?
If it was that easy for the average hacker out there, they would not
stupidly insert base64-encoded code into index.php but would do something
more complex.

I am lost actually. What do we discuss right now? Do we discuss that it is
ok to pass a free text password in global variables? Or do we discuss
something else already? :)
--
Dmitry Dulepov
TYPO3 core&security team member
E-mail: dmitry.dulepov at typo3.org
Web: http://dmitry-dulepov.com/