[TYPO3-core] RFC #12430: Install Tool Password gets transmitted plain text
Bernhard Kraft
kraftb at kraftb.at
Mon Nov 2 12:20:27 CET 2009
Marcus Krause schrieb:
> I agree with Dmitry. We do have saltedpasswords and rsa in trunk.
> There's no need to do superchallenge once again.
>
> -1 to this RFC in current form
I had a look at the service classes yesterday, but they seemed to be not usable
for this task. Everything there is quite tailored for usage in the BE-Login, and
it would have been problematic to use this code for the Install Tool.
I just skyped with Marcus, and I agree, that my version also bears some problems.
I'll try to create a better version for 4.4 using asymmetric encryption.
greets,
Bernhard
More information about the TYPO3-team-core
mailing list