[TYPO3-dev] Authenticating BE User correctly
Philipp Gampe
typo3.lists at philippgampe.info
Sat Feb 18 15:56:00 CET 2012
Hi Kay,
Kay Strobach wrote:
> a service has a massive drawback on webdav performance, as more of the
> backend is initialized than I actually need :(
> Also this would mean that users of the normal backend can authenticate
> like:
>
> http://user:password@domain/typo3
>
> That's something I definitely don't want ;)
You could still check the request URI in your service and just return 100 or
whatever is the return value for "I can't decide".
What you are doing is to bypass the API which is acceptable for speed, but
also means that you might not get security fixes and that your extension
will break if the user uses another authentication service, e.g. some LDAP
provider.
Also, sending the password plaintext does not seem to be a smart solution to
me, but if this is the only way for webdav ... still feels so 90's.
Best regards
--
Philipp Gampe – PGP-Key 0AD96065
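
One way to scope such a check by request URI, as an added example that is not part of the original message or of TYPO3 itself. The return codes follow TYPO3's authUser() convention (100 = not responsible, ask the next service); the `/webdav/` prefix, the function name and the standalone shape without a service base class are assumptions.

```php
<?php
// Added illustration; not TYPO3 core code and not from either poster.
const AUTH_FAILED          = 0;   // authentication failed, stop the chain
const AUTH_NOT_RESPONSIBLE = 100; // "I can't decide", ask the next service
const AUTH_OK_FINAL        = 200; // authenticated, no further service is asked
const WEBDAV_PREFIX = '/webdav/'; // assumption: hypothetical endpoint path

/**
 * @param array $server request data shaped like $_SERVER
 * @param array $user   user record with 'username' and 'password' (hash)
 */
function webdavAuthUser(array $server, array $user): int
{
    $path = (string) parse_url($server['REQUEST_URI'] ?? '', PHP_URL_PATH);

    // Anywhere but the WebDAV endpoint (e.g. /typo3): stay out of the decision.
    // Paths containing ".." are treated the same way, so a crafted URI cannot
    // pull backend paths under the prefix.
    if (strncmp($path, WEBDAV_PREFIX, strlen(WEBDAV_PREFIX)) !== 0
        || strpos($path, '..') !== false) {
        return AUTH_NOT_RESPONSIBLE;
    }
    // No Basic credentials on the request: nothing for this service to check.
    if (!isset($server['PHP_AUTH_USER'], $server['PHP_AUTH_PW'])) {
        return AUTH_NOT_RESPONSIBLE;
    }
    // Basic auth carries the password in the clear, so refuse it without TLS.
    $https = strtolower((string) ($server['HTTPS'] ?? ''));
    if ($https === '' || $https === 'off') {
        return AUTH_FAILED;
    }
    $nameOk = hash_equals((string) $user['username'], (string) $server['PHP_AUTH_USER']);
    $passOk = password_verify((string) $server['PHP_AUTH_PW'], (string) $user['password']);
    return ($nameOk && $passOk) ? AUTH_OK_FINAL : AUTH_FAILED;
}

// Constructed sample data.
$user = ['username' => 'editor', 'password' => password_hash('s3cret', PASSWORD_DEFAULT)];
$basic = ['PHP_AUTH_USER' => 'editor', 'PHP_AUTH_PW' => 's3cret', 'HTTPS' => 'on'];
foreach (['/typo3/index.php', '/webdav/fileadmin/a.txt', '/webdav/../typo3/'] as $uri) {
    printf("%-26s => %d\n", $uri, webdavAuthUser($basic + ['REQUEST_URI' => $uri], $user));
}
```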