[TYPO3-dev] Improving login security in TYPO3 (BE+FE)

Kay Strobach typo3 at kay-strobach.de
Sun May 20 19:52:38 CEST 2012 

Hi Xavier,
Hi Ernesto,

so how would you like to have the api - i see two ways:

1. directly manipulate html of login form with hooks -> ugly ;)
2. offer an way to register for login methods
   -> rendering done by "loginFormView"
   -> each logintype may register fields
      (either as object, or as html, or tca like)
   -> each logintype has to act as service
   -> default login sv_auth has to be registered similar
   -> default auth can be replaced ;)
   -> default rendering as
	tabs
	icons
	selectbox
	? ...

Is that worth of backporting? - Or will this be a 6.0 feature ;)

Regards
Kay

Am 18.05.2012 16:18, schrieb Ernesto Baschny [cron IT]:
> Dave Sexton schrieb am 16.05.2012 16:39:
>> On Wed, 2012-05-16 at 14:51 +0200, Xavier Perseguers wrote:
>>>
>>> However the point is that the Core should be adapted, if ever, to easily
>>> allow such enhancements for the authentication mechanism. So Kay, if you
>>> need something more (a hook, ...) then this is definitely something
>>> worth being included in the Core.
>>
>> Going ever so slightly off-topic, one thing that does spring to mind
>> that could be useful in the core would be a way for an auth service to
>> provide contributions to the log-in UI. This could be anything from some
>> flexform definition to add an extra log-in field through to some form of
>> work-flow capability for multi-stage authentication.
>>
>> Then fe_login (or whatever) could render controls based on the
>> requirements of the active auth services.
>>
>> Sorry, just a bit of a brain-dump/pipedream.
> 
> Yes, would be very cool. The current integration of openid is more like
> a "hack", as it is the core that modifies the login screen if openid
> extension is installed and enabled. :)
> 
> Once such an API is there, we could / should also modify openid to make
> use of it.
> 
> Cheers,
> Ernesto
> 
> 


-- 
http://www.kay-strobach.de - Open Source Rocks

TYPO3 .... inspiring people to share!
Get involved: http://typo3.org

Answer was useful - feel free to donate:
  -
https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=KPM9NAV73VDF2
  - https://flattr.com/profile/kaystrobach

More information about the TYPO3-dev mailing list