[TYPO3-project-4-3] Making RSA Auth default login method?

Michael Stucki michael at typo3.org
Tue May 5 11:13:24 CEST 2009


Hi Ingmar,

thanks for pushing this!

> However, it is not configured to be the default at the moment, but needs
> to be enabled by setting TYPO3_CONF_VARS[BE][loginSecurityLevel] (or FE
> respectively) to the value "rsa" in order to get active.
> 
> Now, the question is whether we should enable it by default instead.

> Personally, I would tend to enable rsa by default (my feeling is that
> most servers have the openssl PHP extension installed). What would be
> ideal I think would be a fallback to superchallenged if openssl is not
> found...

Let's agree that superchallenged is not insecure by design. So in my 
opinion, RSA should be enforced, but not under all circumstances.

What I would like is to have RSA enabled by default but if there is no 
openssl functionality, have TYPO3 fall back to the old default. At the 
same time, it should indicate this with a warning in the admin backend 
(yellow warning box).

What do you think?

- michael
-- 
Use a newsreader! Check out
http://typo3.org/community/mailing-lists/use-a-news-reader/
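
The fallback proposed in this message, sketched as an added example (not part of Michael's mail and not TYPO3 core code). The function name `resolveLoginSecurityLevel`, its parameters and the warning text are hypothetical; keeping an explicitly configured non-RSA level untouched is an assumption.

```php
<?php
// Added illustration: hypothetical helper, not TYPO3 core code.

/**
 * Pick the effective login security level.
 *
 * @param string|null $configured       TYPO3_CONF_VARS[BE][loginSecurityLevel]; null or '' when unset
 * @param string      $oldDefault       previous default ("superchallenged" per the thread)
 * @param bool        $opensslAvailable whether PHP's openssl extension is loaded
 * @return array{level: string, warning: ?string}
 */
function resolveLoginSecurityLevel(?string $configured, string $oldDefault, bool $opensslAvailable): array
{
    // Unset means "use the new default", which would be rsa under this proposal.
    $wanted = ($configured === null || $configured === '') ? 'rsa' : $configured;

    if ($wanted !== 'rsa') {
        // Explicit non-RSA choice by the administrator: keep it (assumption).
        return ['level' => $wanted, 'warning' => null];
    }
    if ($opensslAvailable) {
        return ['level' => 'rsa', 'warning' => null];
    }
    // No openssl: fall back instead of locking everyone out, and say so.
    return [
        'level'   => $oldDefault,
        'warning' => "loginSecurityLevel \"rsa\" needs the PHP openssl extension; "
                   . "falling back to \"$oldDefault\".",
    ];
}

// Outside TYPO3 this global is absent, so the value is treated as unset.
$configured = $GLOBALS['TYPO3_CONF_VARS']['BE']['loginSecurityLevel'] ?? null;

// Real environment first, then both cases forced so the fallback path is visible.
$cases = [
    'this PHP'        => extension_loaded('openssl'),
    'openssl present' => true,
    'openssl missing' => false,
];
foreach ($cases as $label => $available) {
    $r = resolveLoginSecurityLevel($configured, 'superchallenged', $available);
    printf("%-16s level=%-16s %s\n", $label, $r['level'], $r['warning'] ?? '(no warning)');
}
```

The non-null `warning` is the value that would feed the yellow warning box in the admin backend.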
