[TYPO3-core] FYI: Added feature #11314: Extract functionality to create session ID from t3lib_userAuth::start()
Martin Kutschker
masi-no at spam-typo3.org
Fri Jun 12 10:53:48 CEST 2009
Oliver Hader schrieb:
>
> Since I don't see a real need for a max. hash length, I'd like to remove
> that check completely (see attached patch).
>
> What do you think?
Remove it! Whatever method is used to created a session id and whatever
length it gets, it MUST NOT be truncated. Saving those few bytes is
ridiculous in contrast to risk of a security breach.
Masi
More information about the TYPO3-team-core
mailing list