[TYPO3-core] RFC: #16439: Use the form protection API to implement a CSRF protection (1)
François Suter
fsu-lists at cobweb.ch
Wed Nov 17 10:43:24 CET 2010
Hi,
> Until the next beta releases I want to convert all backend modules to
> use the dispatcher, so that the some of the initialisation and token
> persisting can be done in a central place.
Note that there's already a pending patch by Steffen Kamper for this.
However it got stuck with db_list, which required some special handling
and the RFC about that particular problem got bogged down in
discussions. However I would support progress on this topic for beta2,
as changing all BE modules to use the dispatcher mechanism also reduces
the inclusions of typo3/init.php, thus reducing the risks of
interferences when changing something in that script.
Cheers
--
Francois Suter
Cobweb Development Sarl - http://www.cobweb.ch
More information about the TYPO3-team-core
mailing list