[Typo3-dev] Extension and resources (images, ...) and security

Daniel Brün dbruen at saltation.de
Thu May 13 09:58:45 CEST 2004


Hi folks!

I already posted this on the english list quite a while ago. Maybe it's 
worth to think about it.

Say you have an FE-extension that brings its own set of small Jpegs 
(e.g. for buttons) or other resources that have to be accessible from 
the outside world.
Where do you place them? When put into ext/my_ext/res, for instance, 
then this directory has to be "open", so the browser can access 
www.mydomain.com/typo3conf/ext/my_ext/res/example.jpg ?!

Of course this is the case in most installations.

BUT: As most FE-ext-files are only included by other scripts, the 
directory not necessarily has to be opened for the outside world, right?
This would prevent people from being able to check out which extensions 
there are installed on my system, which would increase security.

A possible solution could be to implement a mechanism that copies the 
necessary extension-resources to fileadmin/extres/my_ext/...

What do you think?

Ciao,

Dan.




More information about the TYPO3-dev mailing list