[TYPO3-core] RFC #16223 : Bugfix : Failed backend userlogins are not written to syslog using saltedpasswords

Torben Hansen - Skyfillers T.Hansen at skyfillers.com
Thu Mar 17 18:09:41 CET 2011


This is an SVN patch request.

Type: Bugfix

Bugtracker references:
http://bugs.typo3.org/view.php?id=16223

Branches:
4-3, trunk
4-4, trunk
4-5, trunk

Problem:
The logging functions in saltedpasswords are not able to log failed backend user logins to TYPO3's syslog, because the inherited writelog-function gets overridden by a local function. As a result, no notification e-mail is sent to [warning_email_addr] when a backend user has multiple failed login attempts. A remote "attacker" could try to log in to a TYPO3 installation's backend numerous times without being noticed (no log entry and no warning e-mail if configured).

Solution:
My solution calls the writelog-function from the parent object, so that failed backend logins are written to TYPO3's syslog again and all logging/notifications work as expected.

Notes:
-

Best regards
Torben Hansen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 16223_2.diff
Type: application/octet-stream
Size: 1734 bytes
Desc: 16223_2.diff
URL: <http://lists.typo3.org/pipermail/typo3-team-core/attachments/20110317/0a454acd/attachment.obj>
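
The failure mode described in the message, as an added example that is not the attached patch and not TYPO3 code: a subclass's local logging helper replaces the inherited `writelog`, so the failed-login event never reaches the log that the warning e-mail is derived from. All class names, method signatures and the three-failure threshold are assumptions made for illustration; it needs PHP 8.

```php
<?php
// Illustrative model only: names and signatures are hypothetical, not TYPO3's API.
class Backend {
    public array $syslog = [];   // stands in for the system log
    public array $mail = [];     // stands in for mail to the warning address

    public function writelog(string $user, string $msg): void {
        $this->syslog[] = ['user' => $user, 'msg' => $msg];
    }

    // Assumed policy: warn once when a user reaches $max logged failures.
    public function checkLogFailures(string $user, int $max = 3): void {
        $n = count(array_filter($this->syslog, fn($e) => $e['user'] === $user));
        if ($n === $max) {
            $this->mail[] = "warning: $n failed logins for $user";
        }
    }
}

class AuthBase {
    public function __construct(protected Backend $backend) {}

    public function writelog(string $user, string $msg): void {
        $this->backend->writelog($user, $msg);
    }

    public function failedLogin(string $user): void {
        $this->writelog($user, 'Login attempt failed');
        $this->backend->checkLogFailures($user);
    }
}

// Before: a local helper with the inherited name swallows the security event.
class SaltedAuthBefore extends AuthBase {
    public array $debugLog = [];
    public function writelog(string $user, string $msg): void {
        $this->debugLog[] = "$user: $msg";
    }
}

// After: keep the local debug output, then forward the event to the parent.
class SaltedAuthAfter extends AuthBase {
    public array $debugLog = [];
    public function writelog(string $user, string $msg): void {
        $this->debugLog[] = "$user: $msg";
        parent::writelog($user, $msg);
    }
}

foreach ([SaltedAuthBefore::class, SaltedAuthAfter::class] as $class) {
    $backend = new Backend();
    $auth = new $class($backend);
    for ($i = 0; $i < 3; $i++) { $auth->failedLogin('admin'); }
    printf("%s: syslog=%d mails=%d\n", $class, count($backend->syslog), count($backend->mail));
}
```

A regression test for this class of bug asserts on the system log and the notification after repeated failed logins, not only on the login being rejected.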

