[TYPO3-dev] How secure is Typo3 in reguards to things like Google Code Search?
Matthias Stuebner
news at stuebner.de
Sat Dec 30 14:13:13 CET 2006
On Fri, 29 Dec 2006 02:08:40 -0500, Errol Mars wrote:
> I was just wondering how secure is typo3conf against stuff like Google
> Code Search. I heard about sites (NOT TYPO3 SITES) being hacked by using
> Code Search?
>
> I was fooling around with code search and came across a typo3 config
> file. Now am not saying this is from a live server but it makes you think.
>
> As more of these tools become available is it time to stop using plain
> $typo_db_password?
The search word "typo_db_password" finds many many many of these real live
installations, but these are not the installations in real, but archives of
them.
So the important part is: Never store an archive of your site in docroot!
--
br Matthias
More information about the TYPO3-dev
mailing list