[TYPO3-dev] Double opt-in, user registration and confirmation links
Martin Kutschker
masi-no at spam-typo3.org
Thu Nov 6 09:36:54 CET 2008
Marcus Krause wrote:
>
> addressing extension developers:
> * Please make sure that confirmation links consist of a random token!
> * Please make sure that confirmation links get invalid after clicking on
> them the first time!
> * In case you have questions on the implementation, don't hesitate to
> contact the TYPO3 Security Team [1]!
>
> addressing extension users:
> * If you're using an extension that provides confirmation links, please
> check if the link gets invalid!
> * If confirmation links aren't implemented as one time tokens, please
> contact the extension author and ask him to fix the extension! Please
> use TYPO3 bugtracker (bugs.typo3.org) in the first place!
I suggest also that these links (tokens) have a limited validity.
Masi
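
The three properties asked for in this thread (random token, invalid after the first click, limited validity) can be enforced together, as in the following added example. It is not part of the original messages or of any TYPO3 extension; the class name, table name and SQLite in-memory database are assumptions made for illustration, and it needs PHP 8 with the PDO SQLite driver.

```php
<?php
declare(strict_types=1);
// Added example; class, table and column names are hypothetical, not TYPO3 API.
final class ConfirmationTokens
{
    public function __construct(private PDO $db, private int $ttl = 86400)
    {
        $db->exec('CREATE TABLE IF NOT EXISTS confirm_token (
            token_hash TEXT PRIMARY KEY, user_id INTEGER NOT NULL,
            expires_at INTEGER NOT NULL, used_at INTEGER)');
    }

    /** Returns the raw token to embed in the link; only its hash is stored. */
    public function issue(int $userId, ?int $now = null): string
    {
        $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
        $stmt = $this->db->prepare(
            'INSERT INTO confirm_token (token_hash, user_id, expires_at) VALUES (?, ?, ?)');
        $stmt->execute([hash('sha256', $token), $userId, ($now ?? time()) + $this->ttl]);
        return $token;
    }

    /** Returns the confirmed user id, or null if unknown, expired or already used. */
    public function redeem(string $token, ?int $now = null): ?int
    {
        $now ??= time();
        $hash = hash('sha256', $token);
        // Single conditional UPDATE: of two concurrent clicks only one changes a row.
        $upd = $this->db->prepare(
            'UPDATE confirm_token SET used_at = ?
             WHERE token_hash = ? AND used_at IS NULL AND expires_at > ?');
        $upd->execute([$now, $hash, $now]);
        if ($upd->rowCount() !== 1) {
            return null;
        }
        $sel = $this->db->prepare('SELECT user_id FROM confirm_token WHERE token_hash = ?');
        $sel->execute([$hash]);
        return (int) $sel->fetchColumn();
    }
}

// Constructed demo: timestamps are passed explicitly so the run is repeatable.
$db = new PDO('sqlite::memory:');
$tokens = new ConfirmationTokens($db, 3600);
$t = $tokens->issue(42, 1000);
var_dump($tokens->redeem($t, 2000));                       // first click
var_dump($tokens->redeem($t, 2001));                       // second click on the same link
var_dump($tokens->redeem($tokens->issue(43, 1000), 5000)); // click after expiry
```

Storing only the SHA-256 hash of the token means a read-only leak of the table does not yield usable confirmation links.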