[TYPO3-dev] Improvement against SQL injections

Lars Houmark lars at houmark.com
Sat Jun 16 15:43:07 CEST 2007


On 16/06/07 15:19, in article
mailman.329956.1181999992.21067.typo3-dev at lists.netfielders.de, "ries van
Twisk" <typo3 at rvt.dds.nl> wrote:

> One problem with two DB users (now I think of it)
> is that it may be that some hosters don't allow you to set up
> two users for one database. I am not sure since I never
> use a hoster to host my websites.
> 
> I remember that once I have seen Plesk and that is just a
> big pain in the arse to get things done.
> 
> Does somebody know more about that?
> 

This was exactly my point. The security of the backend depends first on
access/allowance to use two DB users and secondly on the user
actually doing it.

We have learned from the coding guidelines that even developers do not read
them and create insecure extensions - otherwise we would not be having this
discussion.

So I seek a solution where this is controlled with no user setup and by
TYPO3 alone. I think your ideas about improving security with improved setup
belong in the documentation about tuning a server setup.

- Lars




