[TYPO3-core] RFC #12430: Install Tool Password gets transmitted plain text
Michael Stucki
michael at typo3.org
Mon Nov 2 12:01:28 CET 2009
Hi Bernhard,
I'm sorry but I need to give my veto to this. Please use RSA or let it be.
- michael
Bernhard Kraft schrieb:
> Hello !
>
> This is a SVN patch request.
>
> Type: feature
>
> Bugtracker references:
> http://bugs.typo3.org/view.php?id=12430
>
> Branches:
> Trunk (after 4.3 is released ???)
>
> Problem:
> If you log into the Install Tool the password will get transmitted in
> plain text. This could cause problems in some situations.
>
>
> Solution:
> Perform a challenge/response password authentication like used for the
> BE-Login form. The current rewritten install-tool login, using a custom
> session management easily allows to add such a feature.
>
> See attached patch. It also features a nice error message if you tried
> a wrong password.
>
>
> Note:
> As this would be a new feature, I guess it should not get into trunk
> before 4.3 gets its own branch???
>
>
> greets,
> Bernhard
>
--
Use a newsreader! Check out
http://typo3.org/community/mailing-lists/use-a-news-reader/
More information about the TYPO3-team-core
mailing list