[TYPO3-english] Salted Passwords & RSA: temp directory path
Marcus Krause
marcus#exp2011 at t3sec.info
Mon Mar 19 15:15:49 CET 2012
Hi,
François Suter schrieb am 19.03.2012 13:33 Uhr:
> Hi,
>
>> Sorry Francois, Christian is absolutely right here. rsaauth is only for
>> set-ups where SSL/TLS is not available.
>
> OK, sorry for the confusion. I was actually thinking only of the
> encryption of the login communication and was under the impression that
> RSA provided stronger encryption than SSL does. Is that not the case?
Easy answer: it depends. ;-)
Have a look at https://www.ssllabs.com/ssldb/ and check your web servers.
You'll see that SSL/TLS provides a lot of configurations.
I'm actually not aware of the rsaauth implementation details, but ...
see below!
> On all my clients' web sites we actually use everything we can, which
> means - in this case - both SSL and rsaauth.
IMHO, with a securely configure SSL/TLS serverside and configuration
which does not allow bypassing SSL/TLS when it is needed (login,
credential transfer in general), it is not needed to have rsaauth
additionally installed.
Cheers,
Marcus.
More information about the TYPO3-english
mailing list