I just installed this Plugin and i have a question:
If somebody would login through doccheck and write down the dc-Parameter after redirect from doccheck to TYPO3 (i.e. with the help of the developer tools of his browser), and would maybe make this link public in a newsgroup or somewhere else anybody could login with this url http://your-typo3-site.example.org/login/?logintype=login&dc=KNOWN-THROUGH-DEBUG when using your plugin correct?
Edit: I mean the content is not really secure this way.. sure everybody could share his doccheck login credentials or just make screenshots but the mechanism behind it all is just a check for the dc-parameter and this seems to be really weak security.
I just installed this Plugin and i have a question:
If somebody would login through doccheck and write down the dc-Parameter after redirect from doccheck to TYPO3 (i.e. with the help of the developer tools of his browser), and would maybe make this link public in a newsgroup or somewhere else anybody could login with this url http://your-typo3-site.example.org/login/?logintype=login&dc=KNOWN-THROUGH-DEBUG when using your plugin correct?
Edit: I mean the content is not really secure this way.. sure everybody could share his doccheck login credentials or just make screenshots but the mechanism behind it all is just a check for the dc-parameter and this seems to be really weak security.
Kind regards, Christoph