[TYPO3-dev] Services architecture
Steffen Ritter
info at rs-websystems.de
Thu Mar 24 12:22:39 CET 2011
Am 24.03.2011 11:57, schrieb Dmitry Dulepov:
>
> I am lost actually. What do we discuss right now? Do we discuss that it
> is ok to pass a free text password in global variables? Or do we discuss
> something else already?
What we discuss is in my opinion:
Does it make sense to change that the results of an auth service should
be handed back to the parent Obj so that other auth services in the
chain could use this result.
You said: No because it might be read from outside if it is accessible
via global var. Passing a plaintext password through the service chain
is risky. (which is imho the case without rsa anyways)
I told that it would be architecturally more clean do do it this way.
And I do not see a risk if auth services have access to (even plain)
results of thers. Therefore it is called service chain.
But I'm with you: If the array passed between the services is available
through GLOBALS, which it does not have to be, this is a risk and should
be changed.
But this is unrelated to chaining the services cleanly because this
would be possible in every version and every service etc and possible
even without using rsa or sth. like this.
regards
Steffen
More information about the TYPO3-dev
mailing list