[TYPO3-dev] Improvement against SQL injections
Lars Houmark
lars at houmark.com
Sat Jun 16 13:43:44 CEST 2007
On 16/06/07 10:36, in article
mailman.1.1181982984.8848.typo3-dev at lists.netfielders.de, "Martin Kutschker"
<martin.kutschker-n0spam at no5pam-blackbox.net> wrote:
> Use two DB users: one is for the BE and has full write access. The other
> for the FE has only read access to tables like be_users (or no access at
> all!). If you want, you can tune the permissions down to column level.
>
> Masi
Again. This demands that the end user sets it up correctly. By having the
checksum method, we ensure that TYPO3 is running safely. Think about all the
simple webhotel users who do not have any access to doing such smart
things...
- Lars
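
The two-account setup suggested in the quoted message could look like this in MySQL. This is an added example, not part of either post or of TYPO3 itself. The database name `typo3_db`, the account names `t3_be` and `t3_fe`, the passwords and the choice of tables are assumptions for illustration.

```sql
-- Added example: hypothetical database and account names, placeholder
-- passwords. The table list is an illustrative subset of a TYPO3 schema.

-- Backend account: full read/write on data. Add schema privileges
-- (CREATE, ALTER, ...) only if the backend also runs schema updates.
CREATE USER 't3_be'@'localhost' IDENTIFIED BY 'CHANGE_ME_BE';
GRANT SELECT, INSERT, UPDATE, DELETE
    ON typo3_db.* TO 't3_be'@'localhost';

-- Frontend account: MySQL privileges are additive and there is no DENY,
-- so be_users cannot be excluded from a database-wide grant. The frontend
-- account therefore gets grants table by table and none on typo3_db.*.
CREATE USER 't3_fe'@'localhost' IDENTIFIED BY 'CHANGE_ME_FE';
GRANT SELECT ON typo3_db.pages        TO 't3_fe'@'localhost';
GRANT SELECT ON typo3_db.tt_content   TO 't3_fe'@'localhost';
GRANT SELECT ON typo3_db.sys_template TO 't3_fe'@'localhost';

-- Frontend login reads fe_users and writes its own session rows.
GRANT SELECT ON typo3_db.fe_users TO 't3_fe'@'localhost';
GRANT SELECT, INSERT, UPDATE, DELETE
    ON typo3_db.fe_sessions TO 't3_fe'@'localhost';

-- "No access at all" to be_users: simply issue no grant for that table.
-- Column-level variant, if the frontend must read be_users at all:
-- expose only non-secret columns, so the password column stays unreadable
-- even through an injected SELECT.
GRANT SELECT (uid, username)
    ON typo3_db.be_users TO 't3_fe'@'localhost';

-- Check the effective privileges of the frontend account.
SHOW GRANTS FOR 't3_fe'@'localhost';
```

With these grants, a query issued over the frontend connection that selects `password` from `be_users`, or writes to any table other than `fe_sessions`, is rejected by the database server regardless of how the SQL reached it.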