[Typo3-dev] Extension and resources (images, ...) and security
Steffen Mueller
steffen at davis.kommwiss.fu-berlin.de
Thu May 13 14:54:26 CEST 2004
On 13.05.2004 14:10 Christian Trabold wrote:
>
> .htaccess allows access-rules to specific files in a folder.
>
> I think of a rule that denies all access in typo3conf/ *but* allows
> transfer for graphic files so that these can be shown in the browser.
>
This wouldn't stop bad guys from figuring out which extensions are
installed.
For example:
http://foo.bar/typo3conf/ext/eu_ldap/ext_icon.gif
This could mean: foo.bar are using LDAP.
Of course, installed extensions don't tell anything about being
activated or not.
So, this is just a very minor security issue.
--
cheers,
Steffen
----------------------------------------------------------
"Education is man's going forward from cocksure ignorance
to thoughtful uncertainty." (Don Clarks' Scrapbook)
----------------------------------------------------------
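
The rule discussed in this message could be written as follows. This is an added example, not part of the original post or of TYPO3. It assumes Apache 2.4 syntax (mod_authz_core), a file placed at typo3conf/.htaccess, AllowOverride permitting AuthConfig, and an illustrative list of image suffixes.

```apache
# typo3conf/.htaccess (assumed location)
# Deny every request below typo3conf/ by default.
Require all denied

# Re-allow only graphic files so they can be shown in the browser.
# The suffix list is an assumption; adjust it to the formats actually served.
<FilesMatch "(?i)\.(gif|jpe?g|png)$">
    Require all granted
</FilesMatch>

# Limitation raised in the reply: a path such as
#   /typo3conf/ext/eu_ldap/ext_icon.gif
# still matches the image rule, so the response for that path keeps
# showing whether the extension directory is present on the server.
```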