[TYPO3-templavoila] Giving the TO as a GET/POST parameter

Dmitry Dulepov typo3 at fm-world.ru
Wed Mar 15 15:56:05 CET 2006


Hi!

Jean-Baptiste Rio wrote:
> Dmitry Dulepov wrote:
>> Passing TO in the
>> URL may lead to security problems.
>>
> 
> How can it be possible?

Depends on your site. For example, if you have TOs for normal, advanced
and admin templates and you show normal to everyone and advanced to
logged-in users, then one could easily view the admin version too.

I am strongly against such parameters. They are not necessarily bad for
all applications but I think it is bad practice.

Dmitry.
-- 
"It is our choices, that show what we truly are,
far more than our abilities." (A.P.W.B.D.)
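
The problem described in the message above, as an added example that is not part of the original post and not TemplaVoila code: a resolver that trusts the TO id from the request, next to one that treats it only as a preference and checks it against the visitor's access level. All ids, names, levels and function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed sample data: template objects (TO) and the audience each one
// is meant for. Ids, names and levels are hypothetical.
const LEVEL_PUBLIC = 0;
const LEVEL_LOGGED_IN = 1;
const LEVEL_ADMIN = 2;

const TEMPLATE_OBJECTS = [
    1 => ['name' => 'normal',   'minLevel' => LEVEL_PUBLIC],
    2 => ['name' => 'advanced', 'minLevel' => LEVEL_LOGGED_IN],
    3 => ['name' => 'admin',    'minLevel' => LEVEL_ADMIN],
];

// Unsafe: the TO id from the request is trusted as-is, so the template
// shown no longer depends on who is asking.
function resolveToUnsafe(array $params): array
{
    $id = (int)($params['to'] ?? 1);
    return TEMPLATE_OBJECTS[$id] ?? TEMPLATE_OBJECTS[1];
}

// Checked: the request may only express a preference. The server decides from
// the session's access level and otherwise falls back to the highest-level TO
// this user is entitled to.
function resolveToChecked(array $params, int $userLevel): array
{
    $userLevel = max($userLevel, LEVEL_PUBLIC); // never below the public tier
    $raw = $params['to'] ?? null;
    $id = is_string($raw) && ctype_digit($raw) ? (int)$raw : null;
    if ($id !== null && isset(TEMPLATE_OBJECTS[$id])
        && TEMPLATE_OBJECTS[$id]['minLevel'] <= $userLevel) {
        return TEMPLATE_OBJECTS[$id];
    }
    $allowed = array_filter(
        TEMPLATE_OBJECTS,
        fn(array $to): bool => $to['minLevel'] <= $userLevel
    );
    usort($allowed, fn(array $a, array $b): int => $b['minLevel'] <=> $a['minLevel']);
    return $allowed[0];
}

$request = ['to' => '3']; // constructed request parameters
echo resolveToUnsafe($request)['name'], PHP_EOL;                 // unchecked
echo resolveToChecked($request, LEVEL_PUBLIC)['name'], PHP_EOL;  // anonymous
echo resolveToChecked($request, LEVEL_ADMIN)['name'], PHP_EOL;   // admin
```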


