[Typo3-dev] Security: limit extension available to install
Karsten Dambekalns
k.dambekalns at fishfarm.de
Thu Jan 13 14:06:23 CET 2005
Jochen Weiland wrote:
> Mathias Schreiber [wmdb] wrote:
>
>> White list is the only "save" thing.
>>
>
> One idea is to provide a default white list to start with, i.e. all
> extensions that are positively rated by the upcoming event in Copenhagen.
Well, after that event we hope to have enough reviewed extensions, to make
the EM only display those by default. This solves this partly.
Anyway, who defines the whitelist? The admin of the site? What should then
keep himself from changing the whitelist to 'just install this one really
quick' and shoot himself in the foot with it?
How would you set up such a whitelist, so that the admin acnnot circumvent
it? And that is needed, since only an admin is allowed to install
extensions anyway.
Karsten
More information about the TYPO3-dev
mailing list