Martin Bless
2008-01-09 19:14:46 UTC
In a webproject customers fill in a name and a password. The data is
send to another institution which does the evaluation. As a result one
of two of my URLs is called, meaning either SUCCESS or NOSUCCESS.
In the success case a TYPO3 FE login should happen. There is only one
kind of FE user, so everybody is logged in as user ABC with password
SECRET.
For example, if I tell the other institution to call
http://www.mydomain.example//index.php?id=77&logintype=login&user=ABC&pass=SECRET&pid=4
in the success case this will work but reveal the parameters in the
url line of the browser.
It is not necessary to ensure real security. In my case obfuscation
would be sufficient.
Q: How can I achieve a FE login via link and at the same time hide the
parameters and the mechanism?
Still wishing a happy new year to everybody :-)
Martin
send to another institution which does the evaluation. As a result one
of two of my URLs is called, meaning either SUCCESS or NOSUCCESS.
In the success case a TYPO3 FE login should happen. There is only one
kind of FE user, so everybody is logged in as user ABC with password
SECRET.
For example, if I tell the other institution to call
http://www.mydomain.example//index.php?id=77&logintype=login&user=ABC&pass=SECRET&pid=4
in the success case this will work but reveal the parameters in the
url line of the browser.
It is not necessary to ensure real security. In my case obfuscation
would be sufficient.
Q: How can I achieve a FE login via link and at the same time hide the
parameters and the mechanism?
Still wishing a happy new year to everybody :-)
Martin