[TYPO3-dev] Improvement against SQL injections
Martin Kutschker
Martin.Kutschker at n0spam-blackbox.net
Mon Jun 18 12:20:32 CEST 2007
Elmar Hinz wrote:
>> Oh, well, this is not so simple. Of course, all data modification should
>> go through TCEmain, it can watch and create this file. But checking it is
>
> Hi Dmitry,
>
> What do you mean with "all data modification should go through TCEmain"?
> Now, it would be a consistent way to handle things.
But we cannot enforce it. That's why I think adding extra checks this way
won't help. Any ext. author may get direct access to DB via the PHP API if
he wants to.
Masi