[TYPO3-v4] Minutes from the 3rd meeting of the 4.6 Release Team
Helmut Hummel
helmut.hummel at typo3.org
Tue Apr 5 01:11:33 CEST 2011
Hi,
On 04.04.11 21:23, Oliver Hader wrote:
> TYPO3 4.5 Performance
> ---------------------
> * the new CSRF security token could be optimized
There's review request pending[1] which vastly simplifies the whole CSRF
protection, limiting the DB Queries to only _one_ for a whole user session.
Other than that the CSRF protection consists of (for each request) some
class files to be loaded, _one_ object to be created and a couple of
method calls for the generation of the tokens (which will then be only
hashing of a few strings).
I'm open for suggestions how this could be further optimized.
Kind regards,
Helmut
[1]https://review.typo3.org/1364
--
Helmut Hummel
TYPO3 Security Team Leader, TYPO3 v4 Core Team Member
TYPO3 .... inspiring people to share!
Get involved: typo3.org
More information about the TYPO3-project-v4
mailing list