[TYPO3-50-general] Proposal for a RSA authentication provider/mechanism
Andreas Förthner
andreas.foerthner at netlogix.de
Sat Jan 3 19:37:51 CET 2009
Hi,
I forgot to say that we would have to change every BE Form where you can
change your password oder create/edit an user account, in a way that
nowhere are plaintext password sent. My first thought was to create the
salt and the md5(password+salt) directly on the client via JavaScript,
as an attacker cannot use this hash and salt for authenticating himself.
But I'm not sure, if this is really secure. Anyone?
Thanks.
Greets Andi
More information about the TYPO3-project-5_0-general
mailing list