[TYPO3-dev] Services architecture
Dmitry Dulepov
dmitry.dulepov at gmail.com
Mon Mar 28 09:25:13 CEST 2011
Hi!
Helmut Hummel wrote:
> If anyone is willing to implement a "rsatransfer" service, which does
> not do authentication, but only provides decrypted crendentials to the
> service chain, then go on and do it.
I still do not understand why it is necessary. This is not how services work.
Service purpose is to authenticate. This is what rsaauth does: exactly the
purpose of the service. If iy only decrypts, it cannot be called
authentication service any more. It would also create another hidden
knowledge in the system, which we should avoid.
And finally, this is an attempt to "fix" something that works well.
--
Dmitry Dulepov
TYPO3 core&security team member
E-mail: dmitry.dulepov at typo3.org
Web: http://dmitry-dulepov.com/
More information about the TYPO3-dev
mailing list