[TYPO3-core] cookie-warning
Bernhard Kraft
kraftb at kraftb.at
Thu Mar 23 17:54:23 CET 2006
Michael Stucki wrote:
>
> Ouch. Sorry, must have been blind that I didn't notice this before. I've added
> debug calls just two lines below of that... ;-)
>
That the challenge gets stored on server-side (which is the case with $_SESSION - the
values get stored on the server - just an identifier gets sent to the server) is required
for the login to be secure (else somebody could send any challenge he likes - and T3 would
blindly use it - like before 3.8.0).
I will have a look at how this can get fixed.
greets,
Bernhard
--
----------------------------------------------------------------------
"Freedom is always also the freedom of those who think differently"
Rosa Luxemburg, 1871 - 1919
----------------------------------------------------------------------
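The point made in the message above, as an added example that is not part of the original mail and is not TYPO3's code: a small Python model of a challenge-response login, once trusting the challenge sent with the request and once using only the challenge stored in the server-side session. The `Server` class, the response formula and the sample user are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: the server keeps only a hash of the password.
USERS = {"editor": hashlib.sha256(b"correct horse").hexdigest()}


def response_for(pw_hash: str, challenge: str) -> str:
    """Hypothetical response formula: hash over stored password hash and challenge."""
    return hashlib.sha256(f"{pw_hash}:{challenge}".encode()).hexdigest()


class Server:
    def __init__(self, server_side_challenge: bool):
        self.server_side_challenge = server_side_challenge
        self.sessions = {}  # session id -> challenge; stands in for $_SESSION

    def login_form(self):
        """Issue a fresh challenge; the client receives a session id and the challenge."""
        sid, challenge = secrets.token_hex(16), secrets.token_hex(16)
        self.sessions[sid] = challenge
        return sid, challenge

    def login(self, sid, user, response, posted_challenge):
        if self.server_side_challenge:
            # Use only the stored challenge and consume it, so it is single use.
            challenge = self.sessions.pop(sid, None)
        else:
            # Weak variant: trust whatever challenge the request carries.
            challenge = posted_challenge
        if challenge is None or user not in USERS:
            return False
        expected = response_for(USERS[user], challenge)
        return hmac.compare_digest(expected, response)


def replay_accepted(server: Server) -> bool:
    """One legitimate login happens; the same (challenge, response) pair is sent again later."""
    sid, challenge = server.login_form()
    response = response_for(USERS["editor"], challenge)
    assert server.login(sid, "editor", response, challenge)  # legitimate login
    new_sid, _ = server.login_form()  # later request in a new session
    return server.login(new_sid, "editor", response, challenge)
```

With the challenge taken from the request, the old response still verifies; with the challenge bound to the session and consumed on use, the same pair is rejected.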