Magento Admin URL Routing – While developing our marketplace module for Magento, we investigated security in depth. There is a lot of confusion about why Magento adds a key to every admin URL, including the URLs of custom modules. Here is a complete explanation of Magento URL routing and of how the key is added to custom module URLs.
Why is there a need for a Magento admin URL key? It matters from a security point of view: the Magento key is a nonce that protects the system against CSRF attacks. Have a look at this example of a Magento admin module URL:
http://magento.webkul.com/Marketplace/index.php/marketplacepartner/products/index/key/bef2f86b1333fff53esssdb7d7bf7f84ac/
As you can see, /key/bef2f86b1333fff53esssdb7d7bf7f84ac/ is a nonce, which is added to the module's index controller URL automatically.
If you remove the key and then enter the URL, you are redirected to the main Magento dashboard controller. Every URL has its own, different nonce.
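A simplified model of the behaviour described above, added here as an example and not taken from Magento's or the module's code. The HMAC-SHA256 construction, the function names and the delete action are assumptions made for illustration, and the sample requests are constructed.

```php
<?php
// Simplified model of a per-URL admin nonce (illustrative; not Magento's implementation).

// Constructed stand-in for the per-session secret an admin session would hold.
function newSessionSecret(): string
{
    return bin2hex(random_bytes(16));
}

// Derive the nonce for one controller/action pair, bound to the session secret.
function secretKeyFor(string $sessionSecret, string $controller, string $action): string
{
    return hash_hmac('sha256', $controller . '/' . $action, $sessionSecret);
}

// Pull the value following "/key/" out of an admin path, or null when absent.
function keyFromPath(string $path): ?string
{
    return preg_match('#/key/([0-9a-f]+)(?:/|$)#', $path, $m) ? $m[1] : null;
}

// Dispatch when the key matches; otherwise fall back to the dashboard,
// which is the behaviour the article describes for a missing key.
function route(string $sessionSecret, string $controller, string $action, string $path): string
{
    $supplied = keyFromPath($path);
    $expected = secretKeyFor($sessionSecret, $controller, $action);
    if ($supplied !== null && hash_equals($expected, $supplied)) {
        return "dispatch {$controller}/{$action}";
    }
    return 'redirect dashboard';
}

$secret = newSessionSecret();
$good   = secretKeyFor($secret, 'products', 'index');
$other  = secretKeyFor(newSessionSecret(), 'products', 'index');

// Constructed sample requests; "delete" is a hypothetical second action.
$requests = [
    'valid key'              => ['products', 'index',  "/marketplacepartner/products/index/key/$good/"],
    'key removed'            => ['products', 'index',  '/marketplacepartner/products/index/'],
    'key reused on delete'   => ['products', 'delete', "/marketplacepartner/products/delete/key/$good/"],
    'key from other session' => ['products', 'index',  "/marketplacepartner/products/index/key/$other/"],
];

foreach ($requests as $label => [$controller, $action, $path]) {
    printf("%-24s %s\n", $label, route($secret, $controller, $action, $path));
}
```

Only the first request is dispatched. A link prepared outside the admin session cannot carry the right key for the target URL, which is what makes the nonce a CSRF defence.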
These secret keys can be hidden under Magento's system config; you just need to disable them in the Magento system configuration. With the keys disabled, admin URLs no longer carry the nonce that protects against CSRF.
The secret key for a particular module can be obtained like this:
<?php $key = Mage::getSingleton('adminhtml/url')->getSecretKey("webkul_modulename/index/", "index"); ?>
Here webkul is the namespace and modulename is the module name of the custom module, e.g. marketplace.