[TYPO3-english] Using saltedpassword/sr_feuser_register correctly
Dmitry Dulepov
dmitry.dulepov at gmail.com
Thu Sep 8 11:50:02 CEST 2011
Hi!
Oliver Salzburg wrote:
> Given that the only time the string "rsa" turns up in the extension's
> files is a .html in the doc folder, I doubt it.
> How time-consuming would that be to implement? I'm sure they wouldn't
> mind a patch.
It would mean including a couple of js files from the core and a call to js
function on submit. Than on the PHP site it is a call to decode the password.
They need to have a look at two places:
- typo3/sysext/rsaauth/hooks/class.tx_rsaauth_feloginhook.php (may be, just
call that hook as is)
- typo3/sysext/rsaauth/sv1/class.tx_rsaauth_sv1.php, function authUser. It
decrypts the password.
I would say it may take not more than 2h to understand the idea and
implement it.
--
Dmitry "itoldyou" Dulepov
TYPO3 core&security team member
E-mail: dmitry.dulepov at typo3.org
Web: http://dmitry-dulepov.com/
More information about the TYPO3-english
mailing list