[Typo3-dev] Extension and resources (images, ...) and security
Daniel Brün
dbruen at saltation.de
Thu May 13 09:58:45 CEST 2004
Hi folks!
I already posted this on the english list quite a while ago. Maybe it's
worth to think about it.
Say you have an FE-extension that brings its own set of small Jpegs
(e.g. for buttons) or other resources that have to be accessible from
the outside world.
Where do you place them? When put into ext/my_ext/res, for instance,
then this directory has to be "open", so the browser can access
www.mydomain.com/typo3conf/ext/my_ext/res/example.jpg ?!
Of course this is the case in most installations.
BUT: As most FE-ext-files are only included by other scripts, the
directory not necessarily has to be opened for the outside world, right?
This would prevent people from being able to check out which extensions
there are installed on my system, which would increase security.
A possible solution could be to implement a mechanism that copies the
necessary extension-resources to fileadmin/extres/my_ext/...
What do you think?
Ciao,
Dan.
More information about the TYPO3-dev
mailing list