[Mageia-sysadm] Forum account

Michael Scherer misc at zarb.org
Tue Jun 14 14:56:46 CEST 2011


Le mardi 14 juin 2011 à 14:06 +0200, Romain d'Alverny a écrit :

>  - having a scheme for identity to know where to redirect users
> afterwise (not using the referrer, but having known keywords, like:
> http://identity.mageia.org/register/?return_to=forums so identity
> knows how to act/what to suggest after registration)

I see 2 solutions :
- keyword system ( ie, a keyword, and we lookup a table to redirect )
- direct url 

The first one is likely more secure, but requires to keep track of the
table, and I think it would be better to not have yet another list to
manage.

The second one requires us to do some filtering to avoid problem ( like
checking this is a proper url, that the url is only on our domain, and
avoid basic attack like using @, url escaping, etc ).


-- 
Michael Scherer



More information about the Mageia-sysadm mailing list