[TYPO3-english] Howto protect an eID url?

Steffen Müller typo3 at t3node.com
Fri Feb 15 18:16:50 CET 2013


Hi Rik,

On 14.02.2013 11:56, Rik Willems wrote:
> 
> Through javascript I want to call an eID script that collects some data
> through a webservice. I don't want others to be able to harvest the
> eID/webservice data, so I need to protect it in some way.
> 

I guess you explicitly ask for an eID solution because you cannot use
felogin/fe_session.

You could create a CSRF token for authorization which is required in
each request. With every request a new token is created and added to the
response. The drawback here is that all of your JS has to rely on
global token management.

CSRF tokens were introduced in the TYPO3 backend some time ago (can't
remember the release number). Although it has been integrated in a more
lightweight form for scalability reasons which occurred in the listmodule.



-- 
cheers,
Steffen

TYPO3 Blog: http://www.t3node.com/
Twitter: @t3node - http://twitter.com/t3node
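
The per-request token rotation described in the mail above, as an added example that is not part of the original message and not TYPO3 code. `RotatingTokenGuard`, the `eidToken` key and the `$session` array are hypothetical names; the example assumes the store lives in server-side, per-visitor state.

```php
<?php
// Added illustration, not TYPO3 core code. RotatingTokenGuard and $session
// are hypothetical; a real eID script would keep $store per visitor.
final class RotatingTokenGuard
{
    private $store;
    private $ttl;

    public function __construct(array &$store, int $ttl = 300)
    {
        $this->store = &$store;
        $this->ttl = $ttl;
    }

    // Create a fresh token; only its hash and expiry are kept server-side.
    public function issue(): string
    {
        $token = bin2hex(random_bytes(32));
        $this->store['eidToken'] = [
            'hash' => hash('sha256', $token),
            'expires' => time() + $this->ttl,
        ];
        return $token;
    }

    // Check the token sent with a request. On success the stored token is
    // replaced and the successor is returned for the response; on failure
    // null is returned and the eID script should answer 403 without data.
    public function validateAndRotate($submitted): ?string
    {
        $current = $this->store['eidToken'] ?? null;
        if (!is_string($submitted) || $current === null || $current['expires'] < time()) {
            return null;
        }
        if (!hash_equals($current['hash'], hash('sha256', $submitted))) {
            return null;
        }
        return $this->issue();
    }
}

// Constructed walk-through: the page render issues the first token, each
// eID call sends the latest one and receives its successor in the response.
$session = [];
$guard = new RotatingTokenGuard($session);
$first = $guard->issue();
$second = $guard->validateAndRotate($first);  // client sends the current token
$replay = $guard->validateAndRotate($first);  // same token sent a second time
echo json_encode(['accepted' => $second !== null, 'replayRejected' => $replay === null]), PHP_EOL;
```

Because each accepted request replaces the stored token, parallel requests from one page have to share the latest token, which is the global token management drawback named in the mail.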

