[TYPO3-english] Howto protect an eID url?
Christian Platt
christian.platt at pharmaline.de
Thu Feb 14 16:14:39 CET 2013
Why not start with the following lines:
if (!defined ('PATH_typo3conf')) die ('Could not access this script directly!');
In JS you just access index.php
$.ajax({
    url: baseURL+"index.php", // watch for RealURL!
    type: "post", // Type of posting
    data: {
        eID: "name of my_eID", // the id you gave your eID
        .....
That protects your eID, doesn't it?
Christian
On 14.02.2013 at 15:53, bernd wilke wrote:
> On 14.02.2013 11:56, Rik Willems wrote:
>> Hi all,
>>
>> Through javascript I want to call an eID script that collects some data
>> through a webservice. I don't want others to be able to harvest the
>> eID/webservice data, so I need to protect it in some way.
>>
>> Who can point me in the right direction? What is the best way to protect
>> eID calls in combination with javascript?
>>
> As every algorithm you implement only in JS can be reused, you need a key from your server in your JS, which changes by an unknown algorithm and which allows only a restricted number of requests.
>
> Something like:
> a JS variable is set with a coded timestamp, which has to be provided in the eID call as a parameter and which will give results in a time interval of 1 hour?
>
> It is the same as with forms which must be protected against spam submits.
>
> The algorithms used are:
> captcha,
> IP white-/blacklists,
> hidden (and coded) values (cookies and/or undisplayed input-fields) containing timestamps, referer, chashs to data stored on the server.
>
> with algorithms which check time-intervals, IP, requests per time from unique IP, referer, empty and filled input-fields (input fields with "display:none" should not contain values, ...)
>
> and all of these methods may filter some misuse and also filter some valid usage.
>
> bernd
> --
> http://www.pi-phi.de/cheatsheet.html
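
The "coded timestamp" with a one-hour validity window described in the quoted reply, sketched as an added example (not code from this thread or from TYPO3). The function names, the secret constant and the sample values are assumptions made for illustration: the server signs a timestamp with an HMAC when it renders the page, the JS sends it back as a parameter, and the eID script verifies it before doing any work.

```php
<?php
// Added example: HMAC-signed timestamp token for an eID call.
// EID_TOKEN_SECRET, issueEidToken() and verifyEidToken() are hypothetical names.

const EID_TOKEN_SECRET = 'replace-with-a-long-random-server-side-secret'; // placeholder
const EID_TOKEN_TTL = 3600; // one hour, as in the quoted reply

/** Called while rendering the page; the result is written into a JS variable. */
function issueEidToken(string $eid, ?int $now = null): string
{
    $ts = $now ?? time();
    // Bind the MAC to the eID name so a token for one eID is useless for another.
    $mac = hash_hmac('sha256', $eid . '|' . $ts, EID_TOKEN_SECRET);
    return $ts . '.' . $mac;
}

/** Called first in the eID script with the token parameter from the request. */
function verifyEidToken(string $eid, string $token, ?int $now = null): bool
{
    $now = $now ?? time();
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return false; // malformed token
    }
    [$ts, $mac] = $parts;
    $expected = hash_hmac('sha256', $eid . '|' . $ts, EID_TOKEN_SECRET);
    if (!hash_equals($expected, $mac)) { // constant-time comparison
        return false; // forged MAC or altered timestamp
    }
    $age = $now - (int)$ts;
    return $age >= 0 && $age <= EID_TOKEN_TTL; // reject future-dated and expired tokens
}

// Constructed demonstration values.
$t0 = 1360854879;
$token = issueEidToken('my_eID', $t0);
var_dump(verifyEidToken('my_eID', $token, $t0 + 600));    // case: within the hour
var_dump(verifyEidToken('my_eID', $token, $t0 + 3601));   // case: expired
var_dump(verifyEidToken('other_eID', $token, $t0 + 600)); // case: token for another eID
$forged = ($t0 + 7200) . substr($token, strpos($token, '.'));
var_dump(verifyEidToken('my_eID', $forged, $t0 + 7300));  // case: timestamp altered
```

Anyone who loads the page can read the token, so this only bounds how long a copied value keeps working; the per-IP request limits listed in the quoted reply are still needed to restrict the number of calls within that window.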