Bug #33165
closed
rsaauth PHP backend calls key generation on every page request.
100%
Description
the rsaauth isAvailable function was changed, that it tests also on unix systems if rsa is configured correct.
This function will be called on every page request but takes 200ms (on our Quad Core Server) ... and IMHO key generation depends on available events on a system. So slower systems have a slower key generation.
This test should go into the Service Test on installation and shouldn't be called on every page request.
Updated by Steffen Gebert over 12 years ago
- Status changed from New to Needs Feedback
Thanks for your report, Alexander.
Of course, a test key shouldn't be generated during every request.
Have you more details on this? I checked tx_saltedpasswords_autoloader::isSaltedPasswordsSupported() which I remember to have changed, but this was not called during neither Frontend nor Backend requests. Would be nice, if you could provide few more details (stack trace..)
Updated by Alexander Opitz over 12 years ago
#0 tx_rsaauth_php_backend->isAvailable() called at [/typo3/sysext/rsaauth/sv1/backends/class.tx_rsaauth_backendfactory.php:81] #1 tx_rsaauth_backendfactory::getBackend() called at [/typo3/sysext/rsaauth/sv1/class.tx_rsaauth_sv1.php:123] #2 tx_rsaauth_sv1->init() called at [/t3lib/class.t3lib_div.php:5094] #3 t3lib_div::makeInstanceService(auth, getUserFE, ,tx_aidaauth_sv_resco,tx_nrumauth_sv1) called at [/t3lib/class.t3lib_userauth.php:509] #4 t3lib_userAuth->checkAuthentication() called at [/t3lib/class.t3lib_userauth.php:211] #5 t3lib_userAuth->start() called at [/typo3/sysext/cms/tslib/class.tslib_feuserauth.php:155] #6 tslib_feUserAuth->start() called at [/typo3/sysext/cms/tslib/class.tslib_fe.php:480] #7 tslib_fe->initFEuser() called at [/typo3/sysext/cms/tslib/index_ts.php:234] #8 require(/typo3/sysext/cms/tslib/index_ts.php) called at [/index.php:78]
Updated by Steffen Gebert about 12 years ago
Okay.. I see two options:
- revert #31188
- cache the result of the key generation
Updated by Alexander Opitz about 12 years ago
I would do following:
- remove test also for Windows
- Add a possibility to check on extension installation
- Add a possibility to check functionality in install tool (Like the ImageMagic tests)
- or add possibility to check functionality in the service tools (where it shows the extract PDF services and so on).
Updated by Helmut Hummel about 12 years ago
- Subject changed from rsaauth needs 200ms per page request. to rsaauth PHP backend calls key generation on every page request.
Updated by Helmut Hummel about 12 years ago
- Status changed from Needs Feedback to Accepted
Updated by Gerrit Code Review about 12 years ago
- Status changed from Accepted to Under Review
Patch set 10 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/10200
Updated by Gerrit Code Review about 12 years ago
Patch set 11 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/10200
Updated by Gerrit Code Review about 12 years ago
Patch set 1 for branch TYPO3_4-7 has been pushed to the review server.
It is available at http://review.typo3.org/10486
Updated by Gerrit Code Review about 12 years ago
Patch set 1 for branch TYPO3_4-6 has been pushed to the review server.
It is available at http://review.typo3.org/10490
Updated by Gerrit Code Review about 12 years ago
Patch set 2 for branch TYPO3_4-7 has been pushed to the review server.
It is available at http://review.typo3.org/10486
Updated by Daniel Poetzinger about 12 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset 4c519d745ef0d551d64afd68e5d8b894b330e114.
Updated by Alexander Opitz about 12 years ago
I don't think the patches are the best way, as you can DDOS a server with login requests.
Updated by Alexander Opitz about 12 years ago
The patch didn't go into 4.6.8 and 4.7RC2.
Would be realy nice to get this into the next new release.
Updated by Stefan Galinski about 12 years ago
???
4.7 (merged)
https://review.typo3.org/#/c/10486/
4.6 (abandoned)
https://review.typo3.org/#/c/10490/
4.5 (merged)
https://review.typo3.org/#/c/10486/
Updated by