[TYPO3-dev] Services architecture
Dmitry Dulepov
dmitry.dulepov at gmail.com
Mon Mar 28 09:27:16 CEST 2011
Hi!
Helmut Hummel wrote:
> No, this is not what we need. We need RSA encryption in Javascript and
> on the PHP side. So we need what is already there in the
> rsaauthextension, but it needs to be changed, that it does not really
> authenticate, but only decrypts the crendentials. It is a more or less
> minor change to rsaauth, but of course the name would not make sense any
> more after removing the authentication part. So probably it will be just
> renaming rsaauth to rsatransfer and then removing the authentication
> part and handing over the decrypted password to the services following
> in the chain.
Not going to work if some other service with same priority is installed
before the rsaauth or if the other service has a higher priority.
I do not think it is a good idea to change rsaauth to work like that.
Believe me, when I coded it, I thought about many various ways, including
the one you propose. It creates more issues but solves none.
--
Dmitry Dulepov
TYPO3 core&security team member
E-mail: dmitry.dulepov at typo3.org
Web: http://dmitry-dulepov.com/
More information about the TYPO3-dev
mailing list