[TYPO3-core] RFC #15379: Bug: Don't break BE session IP locking on IPv6 client
Roland Schenke
rs at kruselenz.com
Mon Aug 9 12:12:10 CEST 2010
Hi Bas,
at T3DD10 I found myself some issues with IPv6 regarding the (logical) acceptance of IPv6 Addresses when trying to login. Bug ID #15034
Christian Kuhn of the DevTeam told me that IPv6 implementation is currently not the best.
Unfortunately my knowledge of core development is not yet as advanced as it should be to rework this, but I'm glad to hear someone else is facing such problems.
Just my 1.51 eurocents. ;-)
Have a great day
Roland
Am 08.08.2010 um 17:28 schrieb Wiel, J.A.M. van de:
> This is an SVN patch request.
>
> Type: Bugfix
>
> Bugtracker references:
> http://bugs.typo3.org/view.php?id=15379
>
> Branches:
> TYPO3_4-4 & trunk
>
> Problem:
> The IP lock of a BE session assumes IPv4 and its 4 octets for splitting into parts. Obviously this won't fly with valid IPv6 client addresses since they don't have the 4 octets separated by dots.
>
> Solution:
> My patch uses the core API to check whether the client has a valid IPv6 address. If so, it just ignores the parts < 4 bit and returns the address thereby locking the BE session to the client's specific IPv6 address.
>
> Notes:
> To really do this cleanly, there should be a proper IPv6 aware implementation of BE session locking and something like a 'lock to prefix' which would make a lot more sense in an IPv6 context than the current 'parts'. I'm not sufficiently up to speed on core development to rework this part entirely without breaking things elsewhere.
>
> Best regards,
> Bas
--
Mit freundlichen Grüßen / Best regards
Roland Schenke
Forschung und Entwicklung
K & L Internet Service
Kruse & Lenz GbR - Vrestorfer Weg 5 - 21339 Lüneburg
Fon : 0176 / 46534665
E-Mail : info at kruselenz.com
Web : www.kruselenz.com
*** Internetauftritte * CMS * Webshops * Hosting * Grafik ***
More information about the TYPO3-team-core
mailing list