Storage of the identity of the user

As you can see in eid.install, firstname lastname and rrk are stored:

  function eid_schema() {
    $schema = array();
    
    $schema['eid_login'] = array(
      'fields' => array(
        'uid' => array(
          'type' => 'int',
            'not null' => TRUE,
        ),
        'firstname' => array(
            'type' => 'varchar',
            'length' => '200',
            'not null' => TRUE,
        ),
        'lastname' => array(
            'type' => 'varchar',
            'length' => '200',
            'not null' => TRUE,
        ),
        'rrk' => array(
            'type' => 'varchar',
            'length' => '11',
            'not null' => TRUE,
        ),
      ),
      
      'primary key' => array('uid'),
  );
    
    
    return $schema;
  }

Now I am a bit worried about the rrk field with a length of 11, becasue the national number is also 11 long. Coincidence?

In another piece of code I saw that a serial number is read. I'm not sure if it's the certificate serial number, or the national number.
In the eID docs issued by Fedict, they also speak of SSL_CLIENT_S_DN_serialNumber to get or set the national number.

Somebody is even more convinced that there is a problem, but I'm not sure, I'm not a top Drupal coder and I have not yet read all of the code.
http://www.zionsecurity.com/blog/2010/2/26/unsecure-implementation-of-ei...

At this point, there are some security concerns regarding this module. We are investigating those issues to perform the nescessary steps. More news coming soon.

feature request changed to bug report, and subscribing.

subscribe

subscribe

subscribe