[TYPO3-english] Howto protect an eID url?

Burkhard Görtz bugi at joboland.de
Thu Feb 14 12:20:27 CET 2013

> Who can point me in the right direction? What is the best way to protect eID calls in combination with javascript?

You have to implement mechanism to regulate access server-side. Javascript-Protection is exactly the thing to NOT protect your data against malicious visitors, it's too easy to circumvent

Possible solutions, combine some of these:
- ip-lock (count no. of access per time); this could prevent legitimate users from using the service
- check the referer 
- set a cookie
- measure query speed (nobody reaches 1000 query/sec) 
- captchas

But in the end: if you're not willing to restrict regular access IMHO you can't effectively protect your data. 


More information about the TYPO3-english mailing list