Bug #33165

rsaauth PHP backend calls key generation on every page request.

Added by Alexander Opitz over 9 years ago. Updated over 2 years ago.

Status: Closed
Priority: Should have
Assignee: -
Category: Authentication
Target version: -
Start date: 2012-01-13
Due date:
% Done: 100%
Estimated time:
TYPO3 Version: 4.6
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

The rsaauth isAvailable function was changed so that it also tests on Unix systems whether RSA is configured correctly.

This function will be called on every page request but takes 200ms (on our Quad Core Server) ... and IMHO key generation depends on available events on a system. So slower systems have a slower key generation.

This test should go into the Service Test on installation and shouldn't be called on every page request.


Related issues

Related to TYPO3 Core - Bug #38781: rsaauth PHP backend calls key generation on every page request (2) (Closed, 2012-07-09)

Has duplicate TYPO3 Core - Feature #35798: rsaauth calls openssl_pkey_new on every request [Performance] (Closed, 2012-04-09)

Follows TYPO3 Core - Bug #31188: rsaauth only checks if key generation works on Windows (Closed, Helmut Hummel, 2011-10-22)

#1

Updated by Steffen Gebert over 9 years ago

  • Status changed from New to Needs Feedback

Thanks for your report, Alexander.

Of course, a test key shouldn't be generated during every request.

Do you have more details on this? I checked tx_saltedpasswords_autoloader::isSaltedPasswordsSupported(), which I remember having changed, but this was not called during either Frontend or Backend requests. It would be nice if you could provide a few more details (stack trace, ...).

#2

Updated by Alexander Opitz over 9 years ago

#0  tx_rsaauth_php_backend->isAvailable() called at [/typo3/sysext/rsaauth/sv1/backends/class.tx_rsaauth_backendfactory.php:81]
#1  tx_rsaauth_backendfactory::getBackend() called at [/typo3/sysext/rsaauth/sv1/class.tx_rsaauth_sv1.php:123]
#2  tx_rsaauth_sv1->init() called at [/t3lib/class.t3lib_div.php:5094]
#3  t3lib_div::makeInstanceService(auth, getUserFE, ,tx_aidaauth_sv_resco,tx_nrumauth_sv1) called at [/t3lib/class.t3lib_userauth.php:509]
#4  t3lib_userAuth->checkAuthentication() called at [/t3lib/class.t3lib_userauth.php:211]
#5  t3lib_userAuth->start() called at [/typo3/sysext/cms/tslib/class.tslib_feuserauth.php:155]
#6  tslib_feUserAuth->start() called at [/typo3/sysext/cms/tslib/class.tslib_fe.php:480]
#7  tslib_fe->initFEuser() called at [/typo3/sysext/cms/tslib/index_ts.php:234]
#8  require(/typo3/sysext/cms/tslib/index_ts.php) called at [/index.php:78]

#3

Updated by Steffen Gebert about 9 years ago

Okay.. I see two options:

  • revert #31188
  • cache the result of the key generation
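
One way to implement the second option, caching the outcome of the test key generation, shown as an added example that is not part of this ticket or of the TYPO3 patches. The class name `RsaKeygenProbe`, the cache file path and the TTL values are assumptions made for illustration.

```php
<?php
// Added illustration: RsaKeygenProbe and its cache file are hypothetical, not TYPO3 code.
final class RsaKeygenProbe
{
    private string $cacheFile;
    private int $okTtl;   // seconds a successful probe stays cached
    private int $failTtl; // failures expire quickly so a repaired setup is noticed

    public function __construct(string $cacheFile, int $okTtl = 86400, int $failTtl = 60)
    {
        $this->cacheFile = $cacheFile;
        $this->okTtl = $okTtl;
        $this->failTtl = $failTtl;
    }

    // Cheap on every request: key generation runs only when the cached result is missing or stale.
    public function isAvailable(): bool
    {
        $cached = is_file($this->cacheFile) ? @file_get_contents($this->cacheFile) : false;
        if ($cached === '1' || $cached === '0') {
            $age = time() - (int) filemtime($this->cacheFile);
            if ($age < ($cached === '1' ? $this->okTtl : $this->failTtl)) {
                return $cached === '1';
            }
        }
        $ok = $this->generateTestKey();
        // Write to a temp file and rename so concurrent requests never read a partial result.
        $tmp = $this->cacheFile . '.' . bin2hex(random_bytes(4));
        if (@file_put_contents($tmp, $ok ? '1' : '0') !== false) {
            @rename($tmp, $this->cacheFile) || @unlink($tmp);
        }
        return $ok;
    }

    // The expensive step the ticket measures: create a throwaway RSA key pair and export it.
    private function generateTestKey(): bool
    {
        if (!function_exists('openssl_pkey_new')) {
            return false;
        }
        $key = @openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
        return $key !== false && @openssl_pkey_export($key, $pem) && is_string($pem) && $pem !== '';
    }
}

$probe = new RsaKeygenProbe(sys_get_temp_dir() . '/rsaauth_probe.cache');
var_dump($probe->isAvailable()); // first call generates a key; later calls read the cache
```
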
#4

Updated by Alexander Opitz about 9 years ago

I would do the following:

- Remove the test for Windows as well
- Add a possibility to check on extension installation
- Add a possibility to check functionality in the install tool (like the ImageMagick tests)
- Or add a possibility to check functionality in the service tools (where it shows the extract PDF services and so on).

#5

Updated by Helmut Hummel about 9 years ago

  • Subject changed from rsaauth needs 200ms per page request. to rsaauth PHP backend calls key generation on every page request.
#6

Updated by Helmut Hummel about 9 years ago

  • Status changed from Needs Feedback to Accepted
#7

Updated by Gerrit Code Review about 9 years ago

  • Status changed from Accepted to Under Review

Patch set 10 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/10200

#8

Updated by Gerrit Code Review about 9 years ago

Patch set 11 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/10200

#9

Updated by Gerrit Code Review about 9 years ago

Patch set 1 for branch TYPO3_4-7 has been pushed to the review server.
It is available at http://review.typo3.org/10486

#10

Updated by Gerrit Code Review about 9 years ago

Patch set 1 for branch TYPO3_4-6 has been pushed to the review server.
It is available at http://review.typo3.org/10490

#11

Updated by Gerrit Code Review about 9 years ago

Patch set 2 for branch TYPO3_4-7 has been pushed to the review server.
It is available at http://review.typo3.org/10486

#12

Updated by Daniel Poetzinger about 9 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
#13

Updated by Alexander Opitz about 9 years ago

I don't think the patches are the best way, as you can DDOS a server with login requests.

#14

Updated by Alexander Opitz about 9 years ago

The patch didn't go into 4.6.8 and 4.7RC2.

Would be really nice to get this into the next new release.

#16

Updated by Benni Mack over 2 years ago

  • Status changed from Resolved to Closed
