[Typo3-dev] typo3 security team

Martin Klaus mascht at hotmail.com
Thu Sep 25 15:40:59 CEST 2003


Hi kaspar, hi list

a well-defined security management for solving and searching for (even before
they occur) security vulnerabilities is getting more and more important for
having a good reputation with the customers.

The actually found 'security issue' was handled very fast!
It's a relatively small bug if you think about the backend, but a very severe
one if you think about the frontend, as kaspar already mentioned. But the
bug fix is not solving the problem itself (too many rights for
users/editors adding content, or px. not following the coding guidelines for
frontend plugins)

so just an idea:
How about a typo3 security team? Maybe it should be an integrated part of
the upcoming extension review process too.

It would be a great benefit to check at least for the very well known
security problems known in web application coding (sql-statement
vulnerability, cross-site scripting, not checking user input generally
before saving it to the database... and so on)

kaspar what do you think about that idea?

- Martin KLAUS (klausm)
(hope that's the correct list for this posting)





