[TYPO3-core] RFC: #10201: Duplicate cHash Values
Francois Suter
fsuter at cobweb.ch
Fri Mar 27 14:18:38 CET 2009
Hi,
>> The issue we experience, is sometimes when cHash doesn't match, a wrong
>> page is loaded. This was happening constantly with the short hash, but
>> less so after the patch - so I guess it has to do with the security
>> check you mention?
>
> I do not remember details about the security check :( I think it was mentioned in the Kasper's cHash tutorial.
I went through the Mysteries of cHash again and the only thing about
security I found is when the cHash is empty. I didn't see anything
related to the length of the cHash itself. On the contrary, I would say
Dan's patch provides increased security.
Cheers
--
Francois Suter
Cobweb Development Sarl - http://www.cobweb.ch
More information about the TYPO3-team-core
mailing list