[Typo3-dev] Extension and resources (images, ...) and security
Daniel Brün
dbruen at saltation.de
Thu May 13 15:34:11 CEST 2004
Hi!
>> .htaccess allows access-rules to specific files in a folder.
That's right, but that would require manually adjusting the .htaccess
for every single extension.
> This wouldn't stop bad guys from figuring out which extensions are
> installed.
>
> For example:
> http://foo.bar/typo3conf/ext/eu_ldap/ext_icon.gif
>
> This could mean: foo.bar are using LDAP.
That's right.
I think it would be best if the EM would simply copy the content of the
my_ext/res directory into something like /fileadmin/public_res/my_ext/
or some other public place.
Then the entire my_ext directory can be locked for browsers. This
definitely IS a security improvement, especially for extensions with
many, many php-files that potentially may contain leaks!
Later,
Dan
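The proposal in the message above, sketched as an added example (not code from the post or from TYPO3): mirror each extension's res/ directory into a public directory, then deny browser access to the extension root. The function names, the allowlist of file types and the Apache 2.4 `Require all denied` rule are assumptions, and the sample tree is constructed.

```python
import shutil
import tempfile
from pathlib import Path

# Assumption: only these static types are published; everything else stays locked.
PUBLIC_SUFFIXES = {".gif", ".png", ".jpg", ".css", ".js"}
# Apache 2.4 syntax; on 2.2 use "Order deny,allow" and "Deny from all".
DENY_ALL = "Require all denied\n"

def publish_resources(ext_root, public_root):
    """Copy <ext>/res/ static files to <public_root>/<ext>/ and lock ext_root.

    Returns the published paths, relative to public_root.
    """
    ext_root, public_root = Path(ext_root), Path(public_root)
    published = []
    for ext_dir in sorted(p for p in ext_root.iterdir() if p.is_dir()):
        res = ext_dir / "res"
        if not res.is_dir():
            continue  # extension ships no public resources
        for src in sorted(res.rglob("*")):
            # Skip symlinked files (they may point outside res/) and directories.
            if src.is_symlink() or not src.is_file():
                continue
            # Allowlist by type, so a .php file dropped into res/ is never exposed.
            if src.suffix.lower() not in PUBLIC_SUFFIXES:
                continue
            dest = public_root / ext_dir.name / src.relative_to(res)
            dest.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(src, dest)
            published.append(dest.relative_to(public_root).as_posix())
    # One rule at the extension root replaces per-extension .htaccess edits.
    (ext_root / ".htaccess").write_text(DENY_ALL)
    return published

def demo():
    """Run against a constructed tree; returns (published files, lock rule)."""
    with tempfile.TemporaryDirectory() as tmp:
        ext = Path(tmp, "typo3conf", "ext")
        res = ext / "my_ext" / "res"
        (res / "icons").mkdir(parents=True)
        (res / "icons" / "logo.gif").write_bytes(b"GIF89a")
        (res / "style.css").write_text("body {}")
        (res / "helper.php").write_text("<?php // must never be published")
        (ext / "my_ext" / "class.my_ext.php").write_text("<?php")
        (ext / "no_res_ext").mkdir()
        public = Path(tmp, "fileadmin", "public_res")
        return publish_resources(ext, public), (ext / ".htaccess").read_text()

if __name__ == "__main__":
    print(demo())
```

The public directory is still named after the extension, so this layout locks the PHP files but does not hide which extensions are installed.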