[TYPO3-dev] Thoughts about security in BE

[Marcus Krause]

Georg Ringer wrote:
> Marcus Krause schrieb:
>> Where does a typical admin in BE has to possibility to access the DB 
>> directely - by using phpmyadmin. 
> 
> and all extensions he has got direct writing access 

Writing access to installed extensions is by default NOT enabled and has to be 
activate by setting $TYPO3_CONF_VARS['EXT']['noEdit']
Also with implementing suggested points admin has to authenticate first to use 
Extension Manager tool.