[TYPO3-dev] [TYPO3-v4] Removing the feature "Enable extensions without review (basic security check)" from EM

Marcus Krause marcus#exp2010 at t3sec.info
Thu May 13 00:52:16 CEST 2010


Oliver Klee schrieb am 05/12/2010 11:19 PM Uhr:

> I propose removing the checkbox, and adding a warning flash message
> (with a warning about that extensions from the TER might be insecure)
> the first time a user imports an extension from the TER. We then can
> store in BE_USER->uc whether the user already has seen that warning.
> 
> This will create abovementioned awareness without the usability issue
> that new users don't know why they cannot find certain extensions.

Nice suggestion.

Marcus.

-- 
Member TYPO3 Security Team
Blog on TYPO3 Security: http://secure.t3sec.info/blog/




More information about the TYPO3-dev mailing list