[TYPO3-core] RFC #12430: Install Tool Password gets transmitted plain text
Marcus Krause
marcus#exp2009 at t3sec.info
Mon Nov 2 11:55:21 CET 2009
Dmitry Dulepov schrieb:
> Hi!
>
> Bernhard Kraft wrote:
>> Solution: Perform a challenge/response password authentication like
>> used for the BE-Login form. The current rewritten install-tool
>> login, using a custom session management easily allows to add such
>> a feature.
>
> (Not a criticism or alternative idea, just a thought) It would be
> cool to use the same way as we do not with login forms: use hooks to
> select preferable auth way. Thus we could use RSA auth for install
> tool too.
I agree with Dmitry. We do have saltedpasswords and rsa in trunk.
There's no need to do superchallenge once again.
-1 to this RFC in current form
Marcus.
More information about the TYPO3-team-core
mailing list