Tokens for Forms?

« 
Previous topic
|
General
|
Next topic
 »
Author Message

Wei Dai

Monday 27 June 2011 2:48:37 am

Hello, it is a big surprise that in eZ Publish, we don't have a way to generate a token for each forms: whether they are built upon information collectors or eZ Survey. Sure, we have various captcha extensions but it they are not built-in with eZ Publish.

 

I am think that at lease, eZ Publish maybe provides a token datatype? How do you solve your CSRF problem?

Certified eZ Publish 4 developer looking for develop information & collaboration.

André R.

Monday 27 June 2011 5:06:34 am

4.5 got token support, but token verification needs to be done by an extension.
The problem is that it breaks all ajax code that does not use ezjscore function ( .ez() ), so until that is handled a bit more elegantly it is not included by default but provided to customers that are willing to adapt their code to make it work.

It will in some form be bundled with 4.6 I think.

eZ Online Editor 5: http://projects.ez.no/ezoe || eZJSCore (Ajax): http://projects.ez.no/ezjscore || eZ Publish EE http://ez.no/eZPublish/eZ-Publish-Enterprise-Subscription
@: http://twitter.com/andrerom

Nicolas Pastorino

Monday 27 June 2011 5:08:56 am

Hi Wei, 

This is indeed an issue. I would recommend, as a temporary solution which however impacts the end-user a bit, using the recaptcha extension for eZ Publish : http://projects.ez.no/recaptcha.

Secondly, i would recommend filing a request for enhancement there : http://issues.ez.no/ezpublish , detailing the feature.

Cheers !

--
Nicolas Pastorino
Director Community - eZ
Member of the Community Project Board

eZ Publish Community on twitter: http://twitter.com/ezcommunity

t : http://twitter.com/jeanvoye
G+ : http://plus.tl/jeanvoye

Nicolas Pastorino

Monday 27 June 2011 5:09:54 am

I can see Andre posted at the same time as me, providing another solution for this. Now you have several options to pick from !

--
Nicolas Pastorino
Director Community - eZ
Member of the Community Project Board

eZ Publish Community on twitter: http://twitter.com/ezcommunity

t : http://twitter.com/jeanvoye
G+ : http://plus.tl/jeanvoye
Powered by eZ Publish™ CMS Open Source Web Content Management. Copyright © 1999-2014 eZ Systems AS (except where otherwise noted). All rights reserved.