[TYPO3-core] RFC: #16439: Use the form protection API to implement a CSRF protection (1)
Ernesto Baschny [cron IT]
ernst at cron-it.de
Wed Nov 17 12:28:39 CET 2010
Helmut Hummel wrote on 17.11.2010 10:16:
> this is a SVN patch request.
>
> Type: Security enhancement/feature
>
> Branches: trunk (please read [1] for an explanation why trunk only)
>
> Problem:
> #16437 introduces a new form protection API that is currently not used
> anywhere
>
> Solution:
> Use the form protection in the install tool and the user setup
>
> Notes:
>
> Test this in conjunction with #16437
>
> Until the next beta releases I want to convert all backend modules to
> use the dispatcher, so that some of the initialisation and token
> persisting can be done in a central place.
>
> Of course more places need to be handled for a complete CSRF protection.
> This will be done at the latest by the first release candidate.
Thanks a lot! +1 by reading and testing.
Committed to trunk rev. 9441.
Cheers,
Ernesto