[TYPO3-dev] Double opt-in, user registration and confirmation links

Martin Kutschker masi-no at spam-typo3.org
Thu Nov 6 09:36:54 CET 2008


Marcus Krause wrote:
> 
> addressing extension developers:
> * Please make sure that confirmation links consist of a random token!
> * Please make sure that confirmation links get invalid after clicking on
> them the first time!
> * In case you have questions on the implementation, don't hesitate to
> contact the TYPO3 Security Team [1]!
> 
> addressing extension users:
> * If you're using an extension that provides confirmation links, please
> check if the link gets invalid!
> * If confirmation links aren't implemented as one time tokens, please
> contact the extension author and ask him to fix the extension! Please
> use TYPO3 bugtracker (bugs.typo3.org) in the first place!

I suggest also that these links (tokens) have a limited validity.

Masi
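
The three properties asked for in this thread (random token, single use, limited validity) combined in one place, as an added example that is not part of the original posts and is not TYPO3 or extension code. The class name `ConfirmationTokens`, its methods, the in-memory array standing in for a database table and the optional `$now` clock parameter are all hypothetical; PHP 8.0 or later is assumed.

```php
<?php
declare(strict_types=1);

// Hypothetical store: a real extension would keep these rows in a database table.
final class ConfirmationTokens
{
    /** @var array<string, array{user: int, expires: int}> keyed by SHA-256 of the token */
    private array $pending = [];

    public function __construct(private int $ttlSeconds = 86400) {}

    /** Issue the token that goes into the confirmation link; only its hash is kept. */
    public function issue(int $userId, ?int $now = null): string
    {
        $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG, not derived from user data
        $this->pending[hash('sha256', $token)] = [
            'user'    => $userId,
            'expires' => ($now ?? time()) + $this->ttlSeconds,
        ];
        return $token;
    }

    /** Returns the confirmed user id, or null if the token is unknown, already used or expired. */
    public function redeem(string $token, ?int $now = null): ?int
    {
        $key = hash('sha256', $token);
        if (!isset($this->pending[$key])) {
            return null;
        }
        $entry = $this->pending[$key];
        unset($this->pending[$key]); // single use: the entry is removed whether or not it is still valid
        return ($now ?? time()) <= $entry['expires'] ? $entry['user'] : null;
    }
}

// Constructed demonstration with a fixed clock (timestamps are made-up values).
$tokens = new ConfirmationTokens(3600);
$first = $tokens->issue(42, 1000);
var_dump($tokens->redeem($first, 2000));  // first click on the link
var_dump($tokens->redeem($first, 2000));  // same link clicked again
$late = $tokens->issue(43, 1000);
var_dump($tokens->redeem($late, 5000));   // clicked after the validity window
```

With a database behind it, the lookup and the delete should be one atomic step (for example a `DELETE ... WHERE` on the token hash followed by a check of the affected row count) so that two simultaneous requests cannot both redeem the same link.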



