[TYPO3-english] Howto protect an eID url?
Burkhard Görtz
bugi at joboland.de
Thu Feb 14 12:20:27 CET 2013
> Who can point me in the right direction? What is the best way to protect eID calls in combination with javascript?
You have to implement mechanism to regulate access server-side. Javascript-Protection is exactly the thing to NOT protect your data against malicious visitors, it's too easy to circumvent
Possible solutions, combine some of these:
- ip-lock (count no. of access per time); this could prevent legitimate users from using the service
- check the referer
- set a cookie
- measure query speed (nobody reaches 1000 query/sec)
- captchas
...
But in the end: if you're not willing to restrict regular access IMHO you can't effectively protect your data.
Regards
Bugi
More information about the TYPO3-english
mailing list