[TYPO3-core] RFC: Feature #10585: Enable BE-User to change their OpenID
Steffen Gebert
steffen at steffen-gebert.de
Sun Sep 6 20:25:24 CEST 2009
On Sat, 05 Sep 2009 03:28:15 +0200, Steffen Gebert
<steffen at steffen-gebert.de> wrote:
> On Thu, 03 Sep 2009 16:49:46 +0200, Steffen Gebert
> <steffen at steffen-gebert.de> wrote:
>
>> I don't know how to make it better! So if nobody gives me inspiration,
>> the last version stays.
>
> As #11407 is ready to commit since a few minutes, I got the missing idea
> :-P
>
> Attached is v4, which uses new type 'user' and so it's now configurable
> on
> be_group basis.
>
> One idea to think of for the reviewers (as my brain is unable in these
> hours): What happens if a user, who is NOT allowed to change his OpenID,
> modifies the POST-request and adds a value for field_tx_openid_opendid?
> This might be a security risk (if it's possible)!
Reminder
This version now allows to define access on be-group basis.
Steffen
More information about the TYPO3-team-core
mailing list