[Typo3-dev] Typo3 security
Michael Scharkow
mscharkow at gmx.net
Mon Dec 20 14:44:56 CET 2004
Suman Debnath wrote:
> There are some concerns which are being expressed - primarily on
> "Security". There are concerns on "malafied hacking" - using Typo3's
> undiscovered 'Security holes' (if any) to vandalise and illegally
> break into the Telecom company's systems. Should we or the client or
> IBM be concerned about this at all?
Of course, you all should be concerned about security but there are
several points in this case about security:

1. An exposed host (whether as intra- or extranet) should be strictly (in
hardware!) separated from the Telecom company's production systems.
2. Most of the security bugs that occurred with TYPO3 are PHP security
flaws, and the PHP people have often given me the impression that they
are not as security-aware as they ought to be. This seems to improve nowadays.
3. TYPO3 is designed to be secure, and there are no known
vulnerabilities in the current code AFAIK.

So yes, you should be aware that security holes may appear (which
necessarily occurs at some point with any software) but at the moment,
TYPO3 is as secure as possible.
Greetings,
Michael
PS: This thread should probably not be in -dev.