[TYPO3-dev] securing TYPO3 by disallowing execution of arbitrary code via ext_tables.php and ext_localconf.php
Martin Kutschker
Martin.Kutschker at n0spam-blackbox.net
Fri Jul 21 09:44:06 CEST 2006
Hi!
IMHO the system were a tick more secure if TYPO3 would only then execute
code in ext_tables.php and ext_localconf.php if there is a flag present in
ext_emconf.php.
With this flag only ext_emconf.php must be protected. An attacker may not
use write rights to an extenions directory to get his code into TYPO3.
Masi
More information about the TYPO3-dev
mailing list