[TYPO3-v4] Request for comments: Separating password transmission from password comparison

Andreas Wolf typo3ml at andreaswolf.info
Fri Dec 23 13:40:35 CET 2011


Hi Dmitry,

On 23.12.2011 13:30, Dmitry Dulepov wrote:
> Helmut Hummel wrote:
>> There are only minor things that change for external auth-services
>> and what changes are improvements or things that an auth-service
>> should not rely on.
> 
> This is actually a huge change. I know several clients who
> implemented their own auth services and those will break. Tell
> them they should not rely on something they used for years and
> you will show them the straight road to Drupal.

YMMD. If you need a good example for unreliable APIs in the Enterprise
CMS world, Drupal is your friend. Who broke half (or more) of their
modules with the last major release? Who integrates new features after
feature freeze [1]?

I know that the clients' view on these problems might be a different one,
but please stay realistic. The whole authentication API seems to be
not well documented to me, so many people hacked their way around to
"get it working". If we now decide to change things to be more
consistent and logical - and document them properly -, I don't see a
reason to vote against this just because "it has always been this way".

Cheers and happy holidays to all of you!
Andreas


[1] http://www.unleashedmind.com/en/blog/sun/the-drupal-crisis
