[TYPO3-project-4-3] t3sec_saltedpw as sysext?

Ingmar Schlecht ingmar at typo3.org
Fri Apr 24 12:01:26 CEST 2009


Hi Masi,

Martin Kutschker wrote:
> Maybe. As it requires transfer of plain-text passwords over the net, you
> would need SSL if you don't want to lose more security than you gain.

TYPO3 4.3 will ship with Dmitry's extension rsaauth [1], which will
enable JavaScript-based RSA-encrypted login, so the clear text password
will be transmitted from the client to the server in an encrypted way.

He has implemented that for both BE and felogin.

> Furthermore what happens with existing accounts? Can they still log in?

If we just enable those extensions (rsaauth and t3sec_saltedpw) by
default (but not making them required), they would not be used by
existing installations automatically, just by new ones.

cheers
Ingmar

[1] http://forge.typo3.org/projects/show/extension-rsaauth

-- 
Ingmar Schlecht
TYPO3 Core Developer

