[TYPO3-project-4-3] t3sec_saltedpw as sysext?
Marcus Krause
marcus#exp2009 at t3sec.info
Tue Apr 28 20:52:30 CEST 2009
Dmitry Dulepov schrieb am 04/28/2009 08:36 PM Uhr:
> Hi!
>
> Marcus Krause wrote:
>> I was planning some encryption libraries/classes:
>> - symmetric encryption (using PHP's mcrypt module; started but not
>> finished yet)
>> - asymmetric encryption (RSA; service? - native openssl binary and/or
>> php module)
>
> This is one is 99.99% finished. Most likely I will post it to the core list tomorrow.
>
> <offtopic>
> Btw, salted passwords extension is incompatible with RSA auth because salted passwords do not use TCEmain evaluations for form fields. I see that you update passwords in the service if the flag is set. I think the better way would be to use TCEmain evaluations because they are called when the field is saved.
>
> Imagine if I go and update the password with the "User setup" module. If it was salted, it will not be salted anymore in the way you do it now. With evaluations is will be salted automatically.
> </offtopic>
I'm sorry but that's wrong. Extension provides eval methods. ;-)
However, user setup modul does not consider TCEmain evals as md5 is
hardcoded. Issue is already mentioned in bugtracker.
Marcus.
More information about the TYPO3-project-4-3
mailing list