[Typo3-dev] typo3 security team
Andreas Otto
andreas at php4win.de
Thu Sep 25 15:59:56 CEST 2003
Hi Martin,
On Thursday 25 September 2003 15:40, Martin Klaus wrote:
> so just an idea:
> How about a typo3 security team. Maybe it should be an integrated part of
> the upcomming extension review process too.
>
> It would be a great benefit to check at least for the very well known
> security problems known in web appliaction coding (sql-statement
> vulnerability, cross side scripting, not checking user input generally
> before save it to database... and so on)
You are perfectly right. Now, the good news is that the ideas you have will be
a part of the extension review process and are already described in a, not
yet published, document called 'Extension Review Guidelines'.
The extension review process is currently tested and once the testing is done
a final version of the above mentioned document will be published.
Cheers,
Andreas
--
Andreas Otto <andreas at php4win.de>
Using PHP on Windows? www.php4win.de
More information about the TYPO3-dev
mailing list