[TYPO3-english] Howto protect an eID url?

Dmitry Dulepov dmitry.dulepov at gmail.com
Thu Feb 14 15:29:59 CET 2013


Rik Willems wrote:
> What is the best way to protect eID calls in combination with javascript?

None. I can easily look at requests using JS console and do calls with it.

May be you can set up a certain key based on ip address and random values. 
This way request will be valid only when they come from the specific host. 
But it does not prevent console abuse from that host.

You can make those keys one time but that may not always work reliably.

Dmitry Dulepov
TYPO3 CMS core & security teams member

<strike>Simplicity</strike> Crocodiles will save the world.

More information about the TYPO3-english mailing list