[TYPO3-english] Howto protect an eID url?
typo3 at t3node.com
Fri Feb 15 18:16:50 CET 2013
Am 14.02.2013 11:56, schrieb Rik Willems:
> through a webservice. I don't want others to be able to harvest the
> eID/webservice data, so I need to protect it in some way.
I guess you explicitly ask for eID solution, because you cannot use
You could create a csrf token for authorization which is required in
each request. With every request a new token is created and added to the
response. The drawback here is that all of your JS has to rely on a
global token management.
CSRF tokens were introduced in TYPO3 backend some time ago (can't
remeber the release number). Although it has been integrated in a more
ligthweigth form for scalability reasons which occured in the listmodule.
TYPO3 Blog: http://www.t3node.com/
Twitter: @t3node - http://twitter.com/t3node
More information about the TYPO3-english