TYPO3CMS main
TYPO3\CMS\Core\Authentication\MimicServiceInterface Interface Reference
Inheritance diagram for TYPO3\CMS\Core\Authentication\MimicServiceInterface:
TYPO3\CMS\Core\Authentication\AuthenticationService

Public Member Functions

bool mimicAuthUser ()
 

Detailed Description

Definition at line 20 of file MimicServiceInterface.php.

Member Function Documentation

◆ mimicAuthUser()

bool TYPO3\CMS\Core\Authentication\MimicServiceInterface::mimicAuthUser ( )

Mimics user authentication for known invalid authentication requests. This method can be used to mitigate timing discrepancies for invalid authentication attempts, which could otherwise be used for user enumeration.

Authentication services can implement this method to simulate(!) the work that would be performed during valid requests, e.g. password hashing (timing) or calls to remote services (network latency).

Returns
bool whether other services shall continue

CWE-208: Observable Timing Discrepancy

Implemented in TYPO3\CMS\Core\Authentication\AuthenticationService.

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\checkAuthentication().
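
A sketch of the pattern described for mimicAuthUser() above, as an added example that is not TYPO3's own code. The interface is redeclared locally so the script runs without TYPO3; `DemoPasswordService`, `checkLogin()` and the sample user are hypothetical and constructed for illustration.

```php
<?php
// Local stand-in with the signature documented above (assumption: runs outside TYPO3).
interface MimicServiceInterface
{
    public function mimicAuthUser(): bool;
}

// Hypothetical password service; not TYPO3's AuthenticationService.
final class DemoPasswordService implements MimicServiceInterface
{
    public function authUser(string $storedHash, string $password): bool
    {
        return password_verify($password, $storedHash);
    }

    public function mimicAuthUser(): bool
    {
        // Pay the hashing cost of a real check and discard the result (hex avoids NUL bytes).
        password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);
        return false; // other services need not continue mimicking
    }
}

// Hypothetical caller; $users maps username => password hash.
function checkLogin(array $services, array $users, string $name, string $password): bool
{
    if (!isset($users[$name])) {
        // Known invalid request: simulate the work, never authenticate.
        foreach ($services as $service) {
            if ($service instanceof MimicServiceInterface && !$service->mimicAuthUser()) {
                break;
            }
        }
        return false;
    }
    foreach ($services as $service) {
        if ($service->authUser($users[$name], $password)) {
            return true;
        }
    }
    return false;
}

$users = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)]; // constructed sample data
$services = [new DemoPasswordService()];
foreach (['alice', 'nobody'] as $name) {
    $start = hrtime(true);
    $ok = var_export(checkLogin($services, $users, $name, 'wrong-guess'), true);
    printf("%-7s ok=%s %.1f ms\n", $name, $ok, (hrtime(true) - $start) / 1e6);
}
```

Both rows report a failed login with similar elapsed time; without the mimic loop, the unknown user would return almost immediately and the difference would be measurable.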