[TYPO3-dev] How secure is Typo3 in reguards to things like Google Code Search?

Errol Mars errolmars at gmail.com
Fri Dec 29 08:08:40 CET 2006 

I was just wondering how secure is typo3conf against stuff like Google 
Code Search. I heard about sites (NOT TYPO3 SITES) being hacked by using 
Code Search?

I was fooling around with code search and came across a typo3 config 
file. Now am not saying this is from a live server but it makes you think.

As more of these tools become available is it time to stop using plain 
$typo_db_password?

<?php
$TYPO3_CONF_VARS["SYS"]["sitename"] = "Blank DUMMY";
	// Default password is "joh316" :
// $TYPO3_CONF_VARS["BE"]["installToolPassword"] = 
"bacb98acf97e0b6112b1d1b650b84971";
$TYPO3_CONF_VARS["BE"]["installToolPassword"] = 
"bacb98acf97e0b6112b1d1b650b84961";
## INSTALL SCRIPT EDIT POINT TOKEN - all lines after this points may be 
changed by the install script!

$typo_db_username = 'myndlistaskoli';	//  Modified or inserted by TYPO3 
Install Tool.
$typo_db_password = '...password obscured...';	//  Modified or inserted 
by TYPO3 Install Tool.
$typo_db_host = 'localhost';	//  Modified or inserted by TYPO3 Install Tool.
$typo_db = 'myndlistaskoliweb';	//  Modified or inserted by TYPO3 
Install Tool.
// Updated by TYPO3 Install Tool 29-03-2005 16:31:01
$TYPO3_CONF_VARS['EXT']['extList'] = 
'css_styled_content,tsconfig_help,context_help,extra_page_cm_options,rte,impexp,sys_note,tstemplate,tstemplate_ceditor,tstemplate_info,tstemplate_objbrowser,tstemplate_analyzer,tstemplate_styler,func_wizards,wizard_crpages,wizard_sortpages,lowlevel,install,belog,beuser,phpmyadmin,aboutmodules,imagelist,setup,taskcenter,sys_notepad,taskcenter_recent,taskcenter_rootlist,info_pagetsconfig,viewpage,static_info_tables,templavoila,metatags,sys_todos,static_file_edit,plugin_mgm,tt_calender,indexed_search,tt_news,rte_conf,automaketemplate'; 
       // Modified or inserted by TYPO3 Extension Manager.
$TYPO3_CONF_VARS['EXT']['extConf']['css_styled_content'] = 
'a:1:{s:15:"setPageTSconfig";s:1:"1";}';	//  Modified or inserted by 
TYPO3 Extension Manager.
$TYPO3_CONF_VARS['EXT']['extConf']['templavoila'] = 
'a:1:{s:7:"enable.";a:2:{s:13:"oldPageModule";s:1:"0";s:20:"pageTemplateSelector";s:1:"1";}}'; 
       // Modified or inserted by TYPO3 Extension Manager.
$TYPO3_CONF_VARS['EXT']['extConf']['indexed_search'] = 
'a:3:{s:8:"pdf_mode";s:3:"-20";s:6:"catdoc";s:9:"/usr/bin/";s:8:"pdftools";s:9:"/usr/bin/";}'; 
//  Modified or inserted by TYPO3 Extension Manager.
$TYPO3_CONF_VARS['EXT']['extConf']['rte_conf'] = 
'a:2:{s:3:"en.";a:2:{s:6:"tables";s:1:"1";s:8:"extended";s:1:"0";}s:2:"en";s:1:"1";}'; 
//  Modified or inserted by TYPO3 Extension Manager.
// Updated by TYPO3 Extension Manager 29-03-2005 17:05:52
?>

More information about the TYPO3-dev mailing list