[TYPO3-dev] Thoughts about security in BE
Martin Kutschker
Martin.Kutschker at n0spam-blackbox.net
Fri Jan 18 12:46:37 CET 2008
Marcus Krause wrote:
>
> - Password changes to user accounts require old/current password
Possible (Core change).
> - before using extension phpmyadmin you should be explicitly requested to
> insert current password
I'd use a specific password for the tool, not the user's password (or
perhaps both). Anyway, this is a change of the ext, which is not maintained by
the Core team as it isn't a sysext any more.
> - before installing extensions with ext-manager you should be explicitly
> requested to insert current password
Possible (Core change).
As I understand, you want to protect the BE against hijacking of an admin
session. Is this correct?
Masi