[TYPO3-dev] Improvement against SQL injections

Martin Kutschker martin.kutschker-n0spam at no5pam-blackbox.net
Sat Jun 16 10:36:24 CEST 2007


Lars Houmark wrote:
> 
> Why all this?
> 
> Well. When an evil person is using an exploit, he gains access to modify 
> rows in the database. A simple insert query can add another backend 
> user, which is admin!!! (only a 1 is needed in the field admin).

Use two DB users: one is for the BE and has full write access. The other 
for the FE has only read access to tables like be_users (or no access at 
all!). If you want to, you can tune the permissions down to column level.

Masi
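The two-account split described above, written out as MySQL grants. This is an added example, not from the thread; the database name `typo3`, the account names `typo3_be`/`typo3_fe` and the list of frontend-readable tables are assumptions to adapt per installation.

```sql
-- Added example (not from the thread). Assumed names: database typo3,
-- accounts typo3_be (backend) and typo3_fe (frontend), both on localhost.

-- Backend account: full read/write on the whole database, used only by
-- the TYPO3 backend (login and editing).
CREATE USER 'typo3_be'@'localhost' IDENTIFIED BY 'choose-a-strong-password';
GRANT SELECT, INSERT, UPDATE, DELETE ON typo3.* TO 'typo3_be'@'localhost';

-- Frontend account: read-only, and only on the tables the website needs
-- to render pages (assumed list; extend it per installation).
CREATE USER 'typo3_fe'@'localhost' IDENTIFIED BY 'another-strong-password';
GRANT SELECT ON typo3.pages      TO 'typo3_fe'@'localhost';
GRANT SELECT ON typo3.tt_content TO 'typo3_fe'@'localhost';

-- No grant at all on be_users. An injection that reaches the database
-- through the frontend connection can neither read backend users nor
-- insert one with admin = 1: MySQL rejects the statement with
-- ERROR 1142 (INSERT command denied to user 'typo3_fe'@'localhost').

-- If the frontend really needs something from be_users (e.g. to show an
-- author name), grant only the harmless columns instead of the table:
GRANT SELECT (uid, username) ON typo3.be_users TO 'typo3_fe'@'localhost';

-- Verify what each account can actually do before switching the site
-- over to it.
SHOW GRANTS FOR 'typo3_fe'@'localhost';
SHOW GRANTS FOR 'typo3_be'@'localhost';
```

Frontend features that do write (session data, caches, form submissions) need explicit INSERT/UPDATE grants on just those tables; add them one by one rather than widening the frontend account to `typo3.*`.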
