[TYPO3-english] Salted Passwords & RSA: temp directory path
dmitry.dulepov at gmail.com
Mon Mar 19 13:00:29 CET 2012
Urs Bräm wrote:
> But I can't set the RSA Extension's temporary path properly to store the
> temporary keys. I've created a folder above my public_html in the home
> directory (/home/username/rsaauth/) and chmodded it to 700 - but it
> stays empty. I can't find the keys in typo3temp neither.
This directory is used only if you have no openssl PHP module. Than rsaauth
will use a command line openssl utility to generate keys. Those keys (from
the command line utility) are stored on the file system. If you have a PHP
module, you can skip the path completely.
> My questions are:
> * is the RSA Extension really needed for increased security?
Yes, unless you use SSL. Rsaauth is a cheaper way to get your login secure.
You do not have to buy a certificate in order to encrypt passwords.
> * what form should the path in the EM Configuration dialogue have?
Absolute path. Btw, you still can use typo3temp/, just put an .htaccess
there with "deny from all".
> * any other hints to set this up for better security?
TYPO3 core team member
Simplicity will save the world.
More information about the TYPO3-english