[Typo3-dev] New Extension: to be released or not
dan frost
dan at danfrost.co.uk
Thu Sep 4 10:54:16 CEST 2003
The system admin (i.e. the person who installed Typo3) should be able to
restrict access - perhaps using TSConfig.
A tool like this would be really useful - you even have scripts run via
buttons. E.g. "BACK-UP SITE" would "cp -R [site] [back-up place]".
I think it's more useful than dangerous - assuming the sys-admin is
always careful.
dan
p.s. perhaps having a special user/user-group in *nix - e.g. T3users,
who can only do certain things..?
Andreas Beutel wrote:
>Hi Developers,
>
>I'm somehow unsure with the release of a Typo3 extension we've developed, so
>I would like to ask you on your opinion.
>
>The extension is a backend module for admin users only (and ist operable on
>UNIX only). It provides a web-based shell for Typo.
>
>Shell access is for example needed when you want to upload tar files and
>untar them on the server so they are all owned by the user running the web
>server process, on some systems you can also check logfiles an so on.
>
>Of course this reveals security problems on some installations. On the one
>hand I think it's up to the server admin to keep the machine secure, on the
>other hand it could be bad for Typo3 to have such a tool as an easy to
>install module (and maybe some providers will stopp php-shell-exec support).
>Of yourse one can code that easily in 10 minutes and upload it as a normal
>PHP Script.
>
>What do you think? Should we release it to the public or should keep it
>"members only"?
>
>All the best
>Andreas
>
>
>_______________________________________________
>Typo3-dev mailing list
>Typo3-dev at lists.netfielders.de
>http://lists.netfielders.de/cgi-bin/mailman/listinfo/typo3-dev
>
>
>
>
More information about the TYPO3-dev
mailing list