[TYPO3-core] RFC: Feature #10585: Enable BE-User to change their OpenID
Steffen Gebert
steffen at steffen-gebert.de
Sat Sep 5 03:28:15 CEST 2009
On Thu, 03 Sep 2009 16:49:46 +0200, Steffen Gebert
<steffen at steffen-gebert.de> wrote:
> I don't know how to make it better! So if nobody gives me inspiration,
> the last version stays.
As #11407 is ready to commit since a few minutes, I got the missing idea
:-P
Attached is v4, which uses new type 'user' and so it's now configurable on
be_group basis.
One idea to think of for the reviewers (as my brain is unable in these
hours): What happens if a user, who is NOT allowed to change his OpenID,
modifies the POST-request and adds a value for field_tx_openid_opendid?
This might be a security risk (if it's possible)!
Steffen
P.S: As I will be away most time of this weekend I kindly ask one of you
to take care of remarks. Hope I'm back on sunday evening.
More information about the TYPO3-team-core
mailing list