[TYPO3-project-4-3] t3sec_saltedpw as sysext?
Dmitry Dulepov
dmitry.dulepov at gmail.com
Tue Apr 28 20:36:27 CEST 2009
Hi!
Marcus Krause wrote:
> I was planning some encryption libraries/classes:
> - symmetric encryption (using PHP's mcrypt module; started but not
> finished yet)
> - asymmetric encryption (RSA; service? - native openssl binary and/or
> php module)
This is one is 99.99% finished. Most likely I will post it to the core list tomorrow.
<offtopic>
Btw, salted passwords extension is incompatible with RSA auth because salted passwords do not use TCEmain evaluations for form fields. I see that you update passwords in the service if the flag is set. I think the better way would be to use TCEmain evaluations because they are called when the field is saved.
Imagine if I go and update the password with the "User setup" module. If it was salted, it will not be salted anymore in the way you do it now. With evaluations is will be salted automatically.
</offtopic>
> - salted hashes
>
> I think they would be generally useful, not only for one extension like
> rsaauth.
> -> Make such libraries/classes available for general usage.
There is a discussion about it and some class models. I think we should send them to you to avoid double work. It would be great if you could participate in it :)
--
Dmitry Dulepov
In TYPO3 blog: http://dmitry-dulepov.com/article/when-do-you-need-chash-in-typo3.html
LinkedIn: http://www.linkedin.com/in/dmitrydulepov
Twitter: http://twitter.com/dmitryd
Skype: liels_bugs
More information about the TYPO3-project-4-3
mailing list