[TYPO3-dev] Separate Backend & Frontend Installation
Dmitry Dulepov [typo3]
dmitry at typo3.org
Wed Jan 16 19:21:27 CET 2008
Stefan Beylen wrote:
> Hi,
>
> my client is very concerned about (currently unknown) security issues.
He can use mod_security, SpamHaus'es drop lasso, geographical blocking, etc. There are lots of methods.
> so I was thinking about making 2 separate installs, one for
> backend/frontend use with r/w-access to the database and one just for
> frontend use with readonly access to tt_content, pages, be_users,
> whatever and r/w access to cache tables and others necessary.
You still need typo3/ and t3lib/ in both installations. For example, FE comes from typo3/sysext/cms but extensively uses t3lib/.
What you can do is lock /typo3 on the FE part with .htaccess or in virtual host configuration. Backend installation can have http authentication.
In fact it would be enough to use FireFox + HTTP digest authentication for typo3/. As far as I know (though I did not research it specially), it is very secure.
> does anyone see a problem with this approach? did I forget anything
> important or did not think of any other problems that could occur?
Hard to say. I doubt anyone tried it.
> the frontend/backend instance would not be reachable from outside, just
> from local network of course...
Not sure what you mean by this statement.
--
Dmitry Dulepov
TYPO3 core team
Web: http://typo3bloke.net/
Skype: callto:liels_bugs
"Nothing is impossible. There are only limits to our knowledge"
More information about the TYPO3-dev
mailing list