[TYPO3-v4] Request for comments: Separating password transmission from password comparison

Steffen Gebert steffen.gebert at typo3.org
Fri Dec 23 16:01:41 CET 2011


Hi Dmitry,

> This is actually a huge change. I know several clients who implemented
> their own auth services and those will break.

Why not take the benefit of having this knowledge of how some people 
build auth services (you or your clients)?

Maybe it is possible to build a compatibility layer for them - or decide 
that it is done in a way that should never have been treated as safe, 
because of circumventing APIs etc. and thus forcing them to make 
adjustments (hey.. that's what you have to do from time to time with 
software upgrades..).

I think you agree that user auth is kind of a mess, and I think you are 
also fine with moving things on to improve them, make them more 
flexible, faster etc.

So it would be nice if you could have a look at the implementations you 
know and guess whether they could be adjusted to work with the changes, 
or whether the changes would introduce limits for auth services and 
block certain things (which should, of course, not be the case).

Please take advantage of knowing things instead of having to guess into 
the wild what people could have done. Standing still because anybody 
in the TYPO3 world could have done it in whatever way is IMHO the wrong 
attitude.

Kind regards
Steffen

-- 
Steffen Gebert
TYPO3 v4 Core Team Member
TYPO3 Server Administration Team Member

TYPO3 .... inspiring people to share!
Get involved: http://typo3.org

