[TYPO3-core] [TYPO3-dev] Ajax-Encryption class [was: RFC: Bugfix #10212: Missing files in sysext install]
Marcus Krause
marcus#exp2009 at t3sec.info
Wed Jan 28 13:55:58 CET 2009
Steffen Kamper schrieb am 01/27/2009 11:45 PM Uhr:
> Hi,
>
> i see an advantage doing this with ajax - but not only for install tool.
> I could imagine to use this for BE login also replacing the md5.js
> (which causes local character problem anyway and isn't good for
> maintainance), so i would prefer a generel ajax-encryption class usable
> for other classes as well.
>
> What do you think?
Hi,
Actually I was working on something similar before the security fixes
and regression bugs came in.
I thought of a (extendable) proper webservice (Soap) for, amongst
others, authentication.
Extendable in a way that you just could register a custom function for a
defined role (un-authenticated, user, admin) and the web service would
gracefully publish such as service method. With PHP5 reflection this is
pretty easy and doesn't require a developer to know any details about
web services.
There are soap client implementations in JS available and WSS (Web
Service Security). WSS supports encryption and signature. With that we
could implement the planned RSA authentication.
The client (browser) talks to the webservice. With that in place, TYPO3
would also support Remote Administration.
What do you think? ;-)
Marcus.
X-Post to: typo3.teams.core, typo3.dev
Follow-up: typo3.dev
More information about the TYPO3-team-core
mailing list