[Typo3-dev] BE Login through URL?
Andreas Schwarzkopf
a.schwarzkopf at meinsystem.de
Wed May 26 14:26:58 CEST 2004
Stig N. Jepsen schrieb:
> What would the security issues be?
I'm not a security expert but I can see two things:
- submitting malicious javascript (frontend and backend)
can be dangerous for other frontend users (e.g. automatically installing
worms and backdoors from the website) and for backend users (stealing
cookies or data from other backend users)
- stealing admin cookies in the backend with the anonymous backend login
for submitting news
If you mean the news blog function for typo3.org, I think both things
could be very dangerous for a such popular site.
grtx
Andreas
More information about the TYPO3-dev
mailing list