[Typo3] Securing and Enhancing Typo3

[Michael Stucki]

Michael Scharkow wrote:

>> i thought, it would be better if the access to the /typo3 folder and
>> /install folder is additionally protected by a .htaccess file.
>> Maybe i´m wrong?
> 
> Yes, but two additional htaccess files are more secure and less error
> prone as an additional extension. So this should be done manually.

In theory, yes.
But the extension he referred does not extend the login procedure, it
replaces it! And that's definitely a risk.

- michael
-- 
Use a newsreader! Check out
http://typo3.org/community/mailing-lists/use-a-news-reader/