[Typo3-dev] Security: limit extension available to install
Peter Russ
peter.russ at 4dfx.de
Mon Jan 10 21:54:18 CET 2005
Mathias Schreiber [wmdb] wrote:
> Jochen Weiland wrote:
>
>> I am looking for a way to limit the extensions available for a user to
>> install. Consider these scenarios:
>>
>> - Someone might decide to write a harmful extension
>> - There may be extensions that are poorly programmed and thus provide
>> a thread for a stable environment or extensions that provide the user
>> with more features/rights than desired
>
>
> This came up in a discussion of Ingmar, Sebastian and me.
> White list is the only "save" thing.
>
> Ingmar?
>
>
What's about the idea to have a seperate, private repository instead of
typo3.org where you could put in all the extensions you trust. That
should be the most easiest way to implement. What's about the code for
the repository server? Is it available for the public or should it be
reinvented?
Regs. Peter.
More information about the TYPO3-dev
mailing list