[TYPO3-dev] Best practice for authentication of BE-Users in Third Party Software
Andreas Beutel
beutel at mehrwert.de
Mon Jul 9 17:10:58 CEST 2007
Henning Pingel schrieb:
> Hi Elmar, hi Andreas,
>
> It's likely that that not every php file of the third party tool PMA
> does include the config file. To ensure correct authentication, it would
> be necessary to include the class that contains the authentication from
> EVERY php file that exists in PMA. That means that the PMA source code
> has to be changed. Am I wrong?
Hi Henning,
since I could not fix my T3 related problems I did not do a security
review of PMA and its architecture up to now. Anyhow I assume that all
relevant scripts of PMA (in terms of security) include the global PMA
config file since that is the place where all access related
configuration is done.
Of course I will check this before I upload and release a new version of
the phpMyAdmin extension.
Regards,
Andreas
More information about the TYPO3-dev
mailing list