[TYPO3-dev] [TYPO3-v4] Removing the feature "Enable extensions without review (basic security check)" from EM

Ries van Twisk typo3 at rvt.dds.nl
Thu May 13 00:56:32 CEST 2010


On May 12, 2010, at 5:52 PM, Marcus Krause wrote:

> Oliver Klee schrieb am 05/12/2010 11:19 PM Uhr:
>
>> I propose removing the checkbox, and adding a warning flash message
>> (with a warning about that extensions from the TER might be insecure)

I have never seen any software telling me that there software is  
insecure :)
However, may all extensions in TER should be considered 'third party'
giving a user the impression/feeling it doesn't belong to TYPO3 core.
just thinking out loud.

For me if any software off-hand tells me it's insecure then I can only  
imagine
that there are known issue not fixed and I better off not use it!!  
again,
the same feeling as above.

What would you do if you buy a car and it states : 'This care is  
insecure because it contains
third party components, use at your own risc' ?


>> the first time a user imports an extension from the TER. We then can
>> store in BE_USER->uc whether the user already has seen that warning.

Q: Is it possible for a user to look back at what warning messages a  
user has seen?
Or... Reset the warning messages so they pop-up again?

Most users click away any message that see and will always forget what  
they have seen.


>>
>> This will create abovementioned awareness without the usability issue
>> that new users don't know why they cannot find certain extensions.



>
> Nice suggestion.
>
> Marcus.
>
> -- 
> Member TYPO3 Security Team
> Blog on TYPO3 Security: http://secure.t3sec.info/blog/
> _______________________________________________
> TYPO3-dev mailing list
> TYPO3-dev at lists.typo3.org
> http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-dev





More information about the TYPO3-dev mailing list