[TYPO3-core] RFC #9474: Integrate OpenID authentication support to TYPO3
Michael Stucki
michael at typo3.org
Mon Oct 20 11:18:11 CEST 2008
Hi Dmitry,
> Xavier Perseguers wrote:
>> +1 based on testing. Doc is OK too but I would like to read something
>> about /dev/urandom that needs to be allowed for reading by the www user.
>
> Good point. I think we can modify sv1 to have this code before including
> OpenID library:
>
> // Make sure that random generator is properly set up
> if (!is_readable('/dev/urandom')) {
> if (is_readable('/dev/random')) {
> define('Auth_OpenID_RAND_SOURCE', '/dev/random');
> } else {
> define('Auth_OpenID_RAND_SOURCE', null);
> }
> }
If I understand correctly, that would make the OpenID authentication
pretty much insecure, right? Therefore, it may be questioned already if
the else condition should be used at all.
However, what I find much more important is that in this case the server
admin gets a chance to know about it:
- Add t3lib_div::sysLog() calls
- Add a warning to the yellow box (you can use hooks for that)
- michael
--
Use a newsreader! Check out
http://typo3.org/community/mailing-lists/use-a-news-reader/
More information about the TYPO3-team-core
mailing list