[TYPO3-core] RFC: #16437: Introduce a form protection API
Helmut Hummel
helmut at typo3.org
Wed Nov 17 09:39:03 CET 2010
Hi,
This is a SVN patch request.
Type: Security enhancement/ feature
Branches: trunk (please read [1] for an explanation why trunk only)
Problem:
TYPO3 currently lacks an API that can be used to secure forms and URLs
against Cross Site Request forgery attacks.
Solution:
Introduce such an API
Notes:
This patch was mainly done by Oliver Klee, but reviewed and revised by
Ernesto and myself.
The usage of the formprotection will go in a different RFC.
How to test:
Execute the unit tests
[1]http://buzz.typo3.org/teams/security/article/typo3-45-will-be-the-most-secure-typo3-version-ever/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 16437.diff
Type: text/x-patch
Size: 57809 bytes
Desc: not available
URL: <http://lists.typo3.org/pipermail/typo3-team-core/attachments/20101117/b0c1768f/attachment-0001.bin>
More information about the TYPO3-team-core
mailing list