[Typo3-dev] defined vars
Daniel Gercke
gercke at hnm.de
Wed Oct 20 13:59:14 CEST 2004
Hi all,
during writing my own extension i have called get_defined_constants().
And i couldn´t believe what i saw:
TYPO3_db real_db_name
TYPO3_db_username real_username
TYPO3_db_password real_password
TYPO3_db_host real_host
I think this is a security hole (typo3 v. 3.6.2).
If i think about it, i could write an extension which is used by many
people, and it can mail me some database accounts.
--
Daniel Gercke
programmierung . system managements
--
haus neuer medien GmbH . agentur fuer neuen antrieb
.
Tel 03834 8313 0 . Fax 8313 13 . info at hnm.de . www.hnm.de
Wolgaster Strasse 146 (Ollmannsche Villa) . 17489 Greifswald
AG Stralsund HRB 5089 . Geschaeftsfuehrer RA Daniel Scheibner
.
--
[Diese Nachricht gilt als frei von Viren und gefaehrlichen Dateianhaengen.
Schutz vor Viren und Spam von haus neuer medien. Bei Fragen oder Interesse Kontakt ueber mailscanner at hnm.de oder 03834 83130.]
More information about the TYPO3-dev
mailing list