[TYPO3-mvc] Secure parameter transfer
Wowbagger
hille at hilk.net
Sat Feb 4 14:30:00 CET 2017
Quote: Matthew Colton (MatColton) wrote on Sat, 04 February 2017 10:37
----------------------------------------------------
> It's always a bad idea to let user sent form data decide over rights, no
> matter if extbase or not.
>
> Why should a user be able to register himself as an admin? In which case
> is that required?
>
The example above is just a simplification. My question is: how do I get secure information from the showAction to the createAction, so that the user isn't able to change the information.
In my case, the user gets an invation to an event. In the invation is a code. The user enters the code and in the database is for the code also a role stored (participant, staff, etc). The next step is that the user enters his data for registration. So I have to transfer the role from the showAction to the createAction. Of corse, I can transfer the code and check the role again in the createAction. But it's a generally question: is the a way to get sensitive informations from the showAction to createAction?
Regards,
Wowbagger
More information about the TYPO3-project-typo3v4mvc
mailing list