[TYPO3-dev] How secure is Typo3 in reguards to things like Google Code Search?
Christopher Torgalson
bedlamhotel at gmail.com
Fri Dec 29 08:36:27 CET 2006
Hi,
On 12/28/06, Errol Mars <errolmars at gmail.com> wrote:
> I was just wondering how secure is typo3conf against stuff like Google
> Code Search. I heard about sites (NOT TYPO3 SITES) being hacked by using
> Code Search?
>
> I was fooling around with code search and came across a typo3 config
> file. Now am not saying this is from a live server but it makes you think.
>
> As more of these tools become available is it time to stop using plain
> $typo_db_password?
>
> <?php
<snip>
The first line of your quoted code probably answers your
question--that's a PHP file. If it can be accessed by Google's
spiders, something is already badly misconfigured on the server where
the file resides. If you execute
http://www.domain.tld/typo3conf/localconf.php--which is all that a
spider can do--you should get a blank html page in the browser.
--
Christopher Torgalson
More information about the TYPO3-dev
mailing list