[TYPO3-dev] Improvement against SQL injections
Felix Eckhofer
fe at studioneun.de
Sat Jun 16 00:01:13 CEST 2007
Hi.
On Friday, 15. June 2007, Lars Houmark wrote:
> By having a simple file, with this array with checksums, this is no
> longer possible. We think that the macina_banners case used exactly
> this method and gave the evil person a very extensive access to the
> actual installation.
Well, would this actually enhance security? The evil hacker might be no
longer be able to create a be-user but he would be still able to do
(almost) everything he could do if he had created a be-user.
He would still be able to arbitrarily create/edit/delete page content
and modify templates.
Where is the improvement on a database-centered platform like Typo3?
regards
felix
--
Studio 9 GmbH Usability now!
http://www.studioneun.de
Geschäftsführer: Christian Hinreiner
HRB München 131 331, Amtsgericht München
More information about the TYPO3-dev
mailing list