[TYPO3-dev] Services architecture

Christian Lerrahn (Cerebrum) christian.lerrahn at cerebrum.com.au
Thu Mar 24 15:05:57 CET 2011


Hi Steffen,
On Thu, 24 Mar 2011 10:48:59 +0100
Steffen Ritter <info at rs-websystems.de> wrote:
[...]
> I think this should officially be discussed and decided by the
> security team.
> As already pointed out I see no difference if you inject some code
> just reading a variable, or calling some more lines and decrypting it
> with rsaauth itself... As soon as you are able to execute php code it
> does not matter, I think.
> 
> So please make this an official ticket at security team and Helmut 
> should post the decision you made here.

I believe you asked Dmitry to open this ticket and am unsure if you are
referring to an internal ticketing system that is only available to
core developers. However, as I originally brought up this topic and
initiated the discussion, I have taken it upon myself to send an email to
securityATtypo3.org to formally move a motion for this issue to be
assessed and a conclusion to be reached by the security team. A copy of
my motion went to you (Steffen Ritter) and Dmitry Dulepov to give you
the opportunity to comment on it.

Cheers,
Christian



