[TYPO3-core] RFC #12430: Install Tool Password gets transmitted plain text
Bernhard Kraft
kraftb at kraftb.at
Mon Nov 2 01:10:17 CET 2009
Hello !
This is a SVN patch request.
Type: feature
Bugtracker references:
http://bugs.typo3.org/view.php?id=12430
Branches:
Trunk (after 4.3 is released ???)
Problem:
If you log into the Install Tool the password will get transmitted in
plain text. This could cause problems in some situations.
Solution:
Perform a challenge/response password authentication like used for the
BE-Login form. The current rewritten install-tool login, using a custom
session management easily allows to add such a feature.
See attached patch. It also features a nice error message if you tried
a wrong password.
Note:
As this would be a new feature, I guess it should not get into trunk
before 4.3 gets its own branch???
greets,
Bernhard
-------------- next part --------------
A non-text attachment was scrubbed...
Name: installToolLogin_ChallengeResponse.diff
Type: text/x-patch
Size: 5181 bytes
Desc: not available
URL: <http://lists.typo3.org/pipermail/typo3-team-core/attachments/20091102/faf7c925/attachment.bin>
More information about the TYPO3-team-core
mailing list