[TYPO3-project-4-3] saltedpasswords for v4.3
Steffen Ritter
info at rs-websystems.de
Thu Jun 18 10:19:48 CEST 2009
Hi folks,

we finished the "saltedpasswords" rewrite as a sysext for TYPO3 4.3...
We need you to test it on other systems.
You'll find it at
https://svn.typo3.org/TYPO3v4/Extensions/t3sec_saltedpw/trunk
Attached is the current T3X for easy testing...

Some facts:
- On first login, "oldformat" passwords are converted to salted if
"updatePasswd" is set (standard).
- The extension works on security levels "normal" and "rsa" in FE; for
BE you have to use "rsa" for security reasons...
- You can choose between using blowfish and md5 to crypt your hash.
Currently this might be risky since there is no real portability, since
blowfish is not available on every server... As of PHP 5.3, its own
built-in blowfish library will be shipped, which will always be used as
a fallback if no syslib is installed.
- We changed the hash format from that of the lib PHPasswd to a
"generalized" and really "portable" format, which will allow you to use
the TYPO3 user db for other services (e.g. smtp/pop3/imap server,
linux login, samba shares (even in windows over ldap), nfs/printer
services). The PHPasswd format MAY be recognized if the old extension is
available in the ext folder (not installed) and "handleOldFormat" is set.

The following things we are currently awaiting (you cannot test them yet):
- User creation in the admin panel does hardcoded md5, so be sure not to
enable "forceSalted", which would only allow salted formats... I will
provide a patch within the next days, as soon as we have this ext in.
- The user setup module currently has md5 hardcoded. Steffen Kamper
provided a patch which allows you to register your eval functions via a
hook; I attached this too...
- For felogin "send new password" we are awaiting the patches in the core
list to use the hook which is introduced there...

regards
Steffen
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: setup_beuserpw_eval.diff
Url: http://lists.netfielders.de/pipermail/typo3-project-4-3/attachments/20090618/0ef14bfc/attachment.txt
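
The convert-on-first-login behaviour described in the message, as an added example that is not part of the original post and not code from the extension. It assumes the old format is an unsalted MD5 hex digest and the salted format is a crypt(3)-style string; the function names are hypothetical, and "updatePasswd" and "forceSalted" are modelled as plain parameters.

```php
<?php
// Added illustration, not code from t3sec_saltedpw; function names are hypothetical.
// Assumptions: old format = unsalted MD5 hex digest; salted format = crypt(3)
// string ("$1$..." MD5-crypt or "$2y$..." blowfish).

function makeSaltedHash(string $password): string
{
    $alphabet = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
    $salt = '';
    foreach (str_split(random_bytes(22)) as $byte) {
        $salt .= $alphabet[ord($byte) % 64];   // 256 % 64 == 0, so no bias
    }
    if (CRYPT_BLOWFISH === 1) {                // bundled with PHP since 5.3
        return crypt($password, '$2y$10$' . $salt);
    }
    return crypt($password, '$1$' . substr($salt, 0, 8) . '$'); // MD5-crypt
}

// Returns [bool $ok, ?string $rehash]; $rehash is set when the stored value
// should be replaced by a salted hash (the "updatePasswd" behaviour).
function checkLogin(string $password, string $stored,
                    bool $updatePasswd = true, bool $forceSalted = false): array
{
    if (preg_match('/^[a-f0-9]{32}\z/', $stored) === 1) {
        if ($forceSalted) {
            return [false, null];              // only salted formats are accepted
        }
        $ok = hash_equals($stored, md5($password));
        return [$ok, ($ok && $updatePasswd) ? makeSaltedHash($password) : null];
    }
    if (strncmp($stored, '$', 1) !== 0) {
        return [false, null];                  // unknown format: reject
    }
    // crypt() reuses the algorithm and salt embedded in the stored string.
    return [hash_equals($stored, crypt($password, $stored)), null];
}

// Constructed sample record: one user still stored in the old format.
$user = ['password' => md5('example-pw')];
[$ok, $rehash] = checkLogin('example-pw', $user['password']);
if ($ok && $rehash !== null) {
    $user['password'] = $rehash;               // persist the salted hash
}
var_dump($ok);
var_dump(strncmp($user['password'], '$', 1) === 0);
var_dump(checkLogin('example-pw', $user['password'])[0]);
var_dump(checkLogin('wrong-pw', $user['password'])[0]);
```

With forceSalted enabled, the same old-format record is rejected outright, which is why the message warns against enabling it while user creation still writes plain md5.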