[TYPO3-english] Howto protect an eID url?
christian.platt at pharmaline.de
Thu Feb 14 16:14:39 CET 2013
Why not start with the follwoing lines:
if (!defined ('PATH_typo3conf')) die ('Could not access this script directly!');
in js you just acess index.php
url: baseURL+"index.php", // watch for RealURL!
type: "post", // Typ3 of posting
eID: "name of my_eID", //the id you gave your eID
That protects your eID, doesnt it?
Am 14.02.2013 um 15:53 schrieb bernd wilke:
> Am 14.02.2013 11:56, schrieb Rik Willems:
>> Hi all,
>> through a webservice. I don't want others to be able to harvest the
>> eID/webservice data, so I need to protect it in some way.
>> Who can point me in the right direction? What is the best way to protect
> as all algorithm you implement only in JS can be reused you need a key from your server in your JS, which changes by an unknown algorithm and which allows only a restricted number of requests.
> something like:
> a JS-variabel is set with a coded timestamp, which has to be provided in the eID-call as parameter and which will give results in a time interval of 1 hour ?
> it is the same than forms which must be protected against spam submits.
> the used algorithms are:
> IP white-/blacklists,
> hidden (and coded) values (cookies and/or undisplayed input-fields) containing timestamps, referer, chashs to data stored on the server.
> with algorithms which check time-intervals, IP, requests per time from unique IP, referer, empty and filled input-fields (input fields with "display:none" should not contain values, ...)
> and all of these methods may filter some misuse and also filter some valid usage.
> TYPO3-english mailing list
> TYPO3-english at lists.typo3.org
More information about the TYPO3-english