[TYPO3-core] RFC #9474: Integrate OpenID authentication support to TYPO3
Martin Kutschker
masi-no at spam-typo3.org
Sun Oct 5 10:36:39 CEST 2008
Dmitry Dulepov schrieb:
> Hi!
>
> Steffen Kamper wrote:
>> ah ok, didn't knew that.
>> So if (is_readable('/dev/random') also work on windows, and no
>> change is
>> needed, right?
>
> If someone makes /dev/urandom on Windows as a simple text file, this
> would be bad for OpenID because it compromises security. So the check
> for Windows is necessary.
But someone could also delete the real /dev/urandom and create a fake
one on Unix.
Anyway, the Windows check is simple, clear and no real overhead.
Masi
More information about the TYPO3-team-core
mailing list