[TYPO3-v4] Request for comments: Separating password transmission from password comparison
Helmut Hummel
helmut.hummel at typo3.org
Thu Dec 29 00:31:05 CET 2011
Hi,
On 28.12.11 13:04, Oliver Hader wrote:
> You can expect my review by tomorrow.
Olly and I had a nice and productive review session this evening. Thanks
for that.
The result is an improved version of the patch so that the loginData
before and after the change are exactly the same. It's now completely
transparent for external authentication services. Additionally I also
covered this by unit tests now.
One special behaviour is marked as deprecated so we could switch to a
more consistent behaviour in future TYPO3 versions. I'm happy to discuss
if this additional compatibility layer is necessary, but I'm also fine
going this way.
Extensions that XCLASS on tx_rsaauth_sv1 most likely will fail as this
class will now be called in a different context. This fact will be
mentioned in NEWS.txt[1]
Additionally I will add a chapter about authentication services which is
by now competely missing in the services manual[2]
Kind regards,
Helmut
[1]http://forge.typo3.org/issues/32864
[2]http://forge.typo3.org/issues/31413
--
Helmut Hummel
TYPO3 Security Team Leader, TYPO3 v4 Core Team Member
TYPO3 .... inspiring people to share!
Get involved: typo3.org