[TYPO3-core] RFC #12502: Feature: Use HMACs for authencity and integrity checks
Martin Kutschker
masi-no at spam-typo3.org
Tue Nov 10 21:59:52 CET 2009
Marcus Krause schrieb:
>
> I've used the length parameter as some code uses full MD5 (showpic),
> others shortMD5 (workspace preview?). I just didn't want to cause too
> much change in behaviour.
We agreed to use only full hashes unless the hash is not to be used as a sort of ident.
> However, I'm open to remove the parameter and let according code handle
> the length. AFAIK, removing the parameter would not hurt. It's (always)
> only a GET variable and according code simply creates a hash over
> parameter and compares it to the given one. Extending the length of such
> "checksum" now or later most probably won't cause any problems.
What is only a GET variable? The hmac function can be used to check the integrity of any data (incl.
file data).
And a change of the hash length does matter if you need to store the value in the DB.
Masi
More information about the TYPO3-team-core
mailing list