[TYPO3-dev] Services architecture
Helmut Hummel
helmut.hummel at typo3.org
Sun Mar 27 00:12:31 CET 2011
Hi,
On 26.03.11 16:57, François Suter wrote:
>> If anyone is willing to implement a "rsatransfer" service, which does
>> not do authentication, but only provides decrypted crendentials to the
>> service chain, then go on and do it.
>
> Before someone invents a new wheel, it would be good to look at
> extension "caretaker", which does this already AFAIK. I've never looked
> into the details, but at least you have to exchange keys when you set up
> the monitoring, so I assume the communication is encrypted, which would
> make a lot of sense given the nature of the data exchanged.
>
> So maybe it's just a question of porting this into the core.
No, this is not what we need. We need RSA encryption in Javascript and
on the PHP side. So we need what is already there in the
rsaauthextension, but it needs to be changed, that it does not really
authenticate, but only decrypts the crendentials. It is a more or less
minor change to rsaauth, but of course the name would not make sense any
more after removing the authentication part. So probably it will be just
renaming rsaauth to rsatransfer and then removing the authentication
part and handing over the decrypted password to the services following
in the chain.
Kind regards,
Helmut
--
Helmut Hummel
TYPO3 Security Team Leader
TYPO3 .... inspiring people to share!
Get involved: typo3.org
More information about the TYPO3-dev
mailing list