[Typo3-dev] Security: limit extension available to install
Sebastian Kurfuerst
sebastian at garbage-group.de
Thu Jan 13 15:18:31 CET 2005
Hi,
If we make the white list configurable in the install tool, the TYPO3 BE
Admin has no access to it if he doesn't know the install tool password.
What do you think of this?
Sebastian
Karsten Dambekalns wrote:
> Jochen Weiland wrote:
>
>
>>Mathias Schreiber [wmdb] wrote:
>>
>>
>>>White list is the only "save" thing.
>>>
>>
>>One idea is to provide a default white list to start with, i.e. all
>>extensions that are positively rated by the upcoming event in Copenhagen.
>
>
> Well, after that event we hope to have enough reviewed extensions, to make
> the EM only display those by default. This solves this partly.
>
> Anyway, who defines the whitelist? The admin of the site? What should then
> keep himself from changing the whitelist to 'just install this one really
> quick' and shoot himself in the foot with it?
>
> How would you set up such a whitelist, so that the admin acnnot circumvent
> it? And that is needed, since only an admin is allowed to install
> extensions anyway.
>
> Karsten
More information about the TYPO3-dev
mailing list