[TYPO3-english] Salted Passwords & RSA: temp directory path

[Dmitry Dulepov]

Hi!

Urs Bräm wrote:
> But I can't set the RSA Extension's temporary path properly to store the
> temporary keys. I've created a folder above my public_html in the home
> directory (/home/username/rsaauth/) and chmodded it to 700 - but it
> stays empty. I can't find the keys in typo3temp neither.

This directory is used only if you have no openssl PHP module. Than rsaauth 
will use a command line openssl utility to generate keys. Those keys (from 
the command line utility) are stored on the file system. If you have a PHP 
module, you can skip the path completely.

> My questions are:
>
> * is the RSA Extension really needed for increased security?

Yes, unless you use SSL. Rsaauth is a cheaper way to get your login secure. 
You do not have to buy a certificate in order to encrypt passwords.

> * what form should the path in the EM Configuration dialogue have?

Absolute path. Btw, you still can use typo3temp/, just put an .htaccess 
there with "deny from all".

> * any other hints to set this up for better security?

None :)

-- 
Dmitry Dulepov
TYPO3 core team member
Blog: http://dmitry-dulepov.com/
Twitter: http://twitter.com/dmitryd

Simplicity will save the world.