[Typo3] t3-SECURITY???

Christoph Moeller moeller at network-publishing.de
Tue Feb 8 16:31:55 CET 2005


daniel wrote:
^^^^^^
Still wrong. Please _read_ http://typo3.org/1438.html

> ok,
> if i say "what about security issues?" you say "that's your own prob"
> and "don't start a security hysteria". if i answer this by saying that
> the only reason i posted this is that i was wondering about some
> questions and do not want to start any hysteria you say "don't shout
> around and configure your thunderbird". fine.

Constructive criticism is highly appreciated ;) But please obey the rules.

> all i wanted to do is to talk about topics like: "will the
> awstats-exploit work even if the extension is protected by
> typo3-specific-security-routines?" nothing more. but at this point i can
> just say we should end this discussion right here because all of you are
> not willing to even think about the cause your server might get hacked
> because of a well known exploit... hope you get away with this
> M$-mentality ("only show bugs we've already got fixed").

Nobody in here wants to hide security-related issues. And there's
nothing against asking about stuff like the aforementioned AWstats
thingy. Which anyway might be a problem for the sites using it, indeed.

But: what's the point in shouting out "SECURITY RISK IN TYPO3!!" when 
the (core-)devs haven't even looked at it?
The point is:
- keep it calm and professional
- don't trigger script-kiddies that wouldn't even notice any flaw by 
themselves
- give the TYPO3 admins enough time to act _before_ mass-exploiting begins

That's got nothing to do with "M$-mentality" but just with being
professional about such topics.

Anyways: I strongly believe Karsten&Co (i.e. the Sec-Team) will take any 
action needed.

my 2c.
Chris


