[TYPO3-dev] Improvement against SQL injections

Lars Houmark lars at houmark.com
Sat Jun 16 21:04:18 CEST 2007


On 16/06/07 8:57, in article
mailman.1.1181977075.22964.typo3-dev at lists.netfielders.de, "Georg Ringer"
<mail-spam at ringerge.org> wrote:

> What about the security reviews? It has sounded quite promising and
> would be the correct way! If a new extension gets into TER, it is first
> of all an unsecure ext except some special cases like (just some ideas)
> - having no sql query in it
> - being just a modification in BE (like date2cal,..)
> - Being just a small update of a secure extension.

This really belongs to another thread.

> We really need this review thing starting *again*

As there are more than 2000 extensions and at least 10 new or updated
extensions every single day, this is simply an impossible job with the
manpower we have at the time being. Remember this is volunteer work and no
one gets paid. Also, we need some pretty skilled persons to do these reviews
if they should be worth anything.

We are struggling just to keep up with extension issues and flaws being
reported. I am not saying that we have insanely many cases submitted. Each
case is just taking up many hours and our team is in fact very small.

- Lars




