[TYPO3-dev] Thoughts about security in BE
Martin Kutschker
Martin.Kutschker at n0spam-blackbox.net
Mon Jan 21 11:49:14 CET 2008
Daniel Pötzinger wrote:
> - force IP check, referer check etc. (built in)
A clever attacker overcomes this problem.
> - add htaccess to BE
And add what restriction? IP check, perhaps, but IP addresses can be spoofed.
> - force SSL
Won't help with XSS (or another hijacking method) unless you require client
certificates.
Masi