[TYPO3-project-4-3] Making RSA Auth default login method?
Steffen Gebert
steffen at steffen-gebert.de
Tue May 5 09:14:16 CEST 2009
Hi
Patrick Gaumond wrote:
> I'm a bit reluctant to force RSA Auth. A paragraph about security into
> "install.txt" would be a simple alternative.
Who reads this really carefully? 10%? I'm for security by default!
If there's a security hole in 4.3 one day, news sites will still write
"TYPO3 the unsecure CMS.. bla bla.. unencrypted fe-user passwords by default
.. bla bla .. only superchallenged authentification by default .. bla bla"
;-)
This would be no improvement towards 4.2
Is there really somebody out there who has the ability to run TYPO3 on his
server / shared hosting, but NO openssl installed?
IMHO it would be enough to check for openssl extension and output an error
message at the login prompt. Already checking and mentioning the problem in
the 1-2-3 wizard would of course be helpful.
> My 2 CAN cents.
My 2 EUR cents.
Steffen
More information about the TYPO3-project-4-3
mailing list