[TYPO3-core] Re: RFC#13662: Bug: rsaauth doesn't work with special characters (like ä ü ö § ) in password
Steffen Gebert
steffen at steffen-gebert.de
Thu Aug 12 23:40:37 CEST 2010
Am 12.08.10 19:43, schrieb Steffen Ritter:
>
> BT entry: http://bugs.typo3.org/view.php?id=13662
>
> Branches: 4.3, 4.4, trunk
>
> Problem:
> The JS Libraries RSA-auth uses are only of the first 127 ASCII chars.
> Therefore ö ä ü § etc won't work.
+1 by reading and testing on 4.4
Before committing, I'd like to have Dmitry's "GO".
Attached is a tiny patch, which adds devlog entries while changing the
PW and login (only works with the salted MD5 method) and helps you
debug this issue.
While debugging, I didn't see a difference with Komodo/xDebug, so I
outputted the MD5 of the passwords (which differed, although passwords
looked the same). In devlog, the entry while Login even gets truncated
after the first special char.
So the problem (without the patch) is:
* password is set correctly (compare MD5 of your password to the
outputted), which seems reasonable as it's transmitted in clear-text (as
Steffen said)
* special char is encoded wrong while login, because only there rsaauth
is used, so login fails
With the patch
* no changes to existing passwords needed - they're correct
* existing passwords with umlauts, which e.g. already worked with
lockSSL, should now also work / still work with rsaauth
What I currently dislike
* rsaauth adds the JS files by adding <script> tags. That's why there is
no ?mtime parameter and browser is not forced to use the updated files.
But this has nothing to do with this patch - I'll try to find a way
adding them through the PageRenderer.
So thanks for your intense investigation, Steffen!
Kind regards
Steffen
--
Steffen Gebert
TYPO3 Core Team Member
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 13662_debug.diff
Type: text/x-diff
Size: 952 bytes
Desc: not available
URL: <http://lists.typo3.org/pipermail/typo3-team-core/attachments/20100812/d85e987f/attachment.diff>
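
The mismatch described in the message above (identical-looking passwords, different MD5) can be reproduced at the byte level. This is an added example, not part of the original message and not TYPO3 or rsaauth code: `packOneBytePerChar` is an assumed stand-in for a client-side routine that is only correct for the first 127 ASCII characters, and all function names and sample passwords are constructed.

```javascript
// Added illustration; not TYPO3 or rsaauth code. All names are hypothetical.

// Assumed stand-in for a client-side packer that treats every character as
// one byte, which is only correct for code points 0..127.
function packOneBytePerChar(str) {
  const out = [];
  for (let i = 0; i < str.length; i++) {
    out.push(str.charCodeAt(i) & 0xff);
  }
  return out;
}

// Reference encoding: the UTF-8 bytes a server sees from a normal form post.
function utf8Bytes(str) {
  return Array.from(new TextEncoder().encode(str));
}

function toHex(bytes) {
  return bytes.map((b) => b.toString(16).padStart(2, '0')).join('');
}

// Index of the first character outside the 7-bit ASCII range, or -1.
function firstNonAscii(str) {
  for (let i = 0; i < str.length; i++) {
    if (str.charCodeAt(i) > 127) return i;
  }
  return -1;
}

// Compare the bytes the "set password" path and the "login" path would hash.
function comparePaths(password) {
  const stored = toHex(utf8Bytes(password));
  const login = toHex(packOneBytePerChar(password));
  return { stored, login, match: stored === login, firstNonAscii: firstNonAscii(password) };
}

// Remedy sketch: convert to a UTF-8 byte string first, then pack per character.
function packUtf8First(str) {
  const byteString = String.fromCharCode(...new TextEncoder().encode(str));
  return packOneBytePerChar(byteString);
}

// Constructed sample passwords.
for (const pw of ['secret123', 'pässwort', 'geheim§']) {
  console.log(JSON.stringify(pw), comparePaths(pw));
}
```

Because the two paths hand different bytes to the hash for any password containing a character above 127, the digests differ even though the strings render identically in a debugger.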