[TYPO3-dev] Security Warning

Peter Russ peter.russ at 4many.net
Wed Feb 8 09:42:03 CET 2006


Steffen Kamper wrote:
[...]
> Because of that I wanted this discussion, maybe to show some more points of 
> vulnerability - there are surely some more, and some ext should be aware too 

IMHO this is not clarifying things. It's more confusing: Could you come 
up with a proposal HOW to hold DB user and pwd for DB access in PHP in 
the same process and make this NOT accessible for all functions?

The only safe solution for the moment is: a non-admin is NEVER allowed 
to install ANY PHP code. So this is the same for all systems, not special 
to PHP or TYPO3 ;-)

So allowing a USER to include any PHP code is similar to stopping a firewall 
and turning off your virus scanner.

Regs. Peter.

-- 
Fiat lux!
Docendo discimus.
_____________________________
4Many® Services
openBC: http://www.openbc.com/go/invuid/Peter_Russ



