[TYPO3-dev] Reason for tables restriction of the CONTENT object
JoH asenau
info at cybercraft.de
Wed May 23 11:36:11 CEST 2007
>>> e.g. 'fe_users' is granted while access to 'be_users' is not. I
>>> wonder
>>
>> You should not access be_* from frontend. This is a simple security
>> thing.
>
> OK, so why does the restriction then follow the rules
> 'deny anything and allow only partials' ?
>
> I could make a bug report as feature request and apply a patch, but
> only if it makes sense. I don't know if I get everything right?
>
> What do you think?
If you want to make a feature request, it should just be about adding the
language overlay table to the allowed tables. It should not be possible at
all to get access to other tables just by changing a TSconfig property since
this would open up serious security holes.
Usually all the tables that are interesting for fronted output (and this is
what CONTENT usually does) are following the rule. You found out one
exception so this should be added to the rule.
Just my 2 cents
Joey
--
Wenn man keine Ahnung hat: Einfach mal Fresse halten!
(If you have no clues: simply shut your gob sometimes!)
Dieter Nuhr, German comedian
openBC/Xing: http://www.cybercraft.de
T3 cookbook: http://www.typo3experts.com
More information about the TYPO3-dev
mailing list