[TYPO3-50-general] permission system plans

Martin Kutschker Martin.Kutschker at n0spam-blackbox.net
Thu Apr 5 14:47:32 CEST 2007

werner mueller schrieb:
> well this will be true. never made any investigations.
> what i had in mind was authenticate mail, ftp, other things with typo3 
> accounts. postfix uses crypt, pureftpd supports md5, courier again 
> crypt, hopefully the same as postfix and mysql.

There are several authentications that are based on md5. But they use it 
differently. Anyway for HTTP, SMTP, IMAP, POP and FTP they are described in 
various RFCs. Though in the docs the external mechanism is described not 
the internal storage. The point is: simply thrwoing a user supplied (plain 
text) password against a value found in a db is naive.

> at the end of the day the only common method seemed to be cleartext. not 
> the perfect solution. no question. requires encryption of all 
> connections all over... the created password hashes in the logged 
> queries where different all over. and sync typo3 with an ldap structure 
> aint that funny too.
> the cheapest way of living keeping configs at a reasonable level are 
> plain passwords. well: my opinion. (not happy with it)

Not so bad if you send it only over encrypted channels. All mentioned 
protcols (excepct FTP: use SFTP or SCP!!!) may be run over a SSL connection 
or support even connection upgrading ("start TLS" command).


More information about the TYPO3-project-5_0-general mailing list