[Typo3] t3-SECURITY???
Christoph Moeller
moeller at network-publishing.de
Tue Feb 8 16:31:55 CET 2005
daniel wrote:
^^^^^^
Still wrong. Please _read_ http://typo3.org/1438.html
> ok,
> if i say "what about security issues?" you say "that's your own prob"
> and "don't start a security hysteria". if i answer this by saying that
> the only reason i posted this is that i was wondering about some
> questions and do not want to start any hysteria you say "don't shout
> around and configure your thunderbird". fine.
Constructive criticism is highly appreciated ;) But please obey the rules.
> all i wanted to do is to talk about topics like: "will the
> awstats-exploit work even if the extension is protected by
> typo3-specific-security-routines?" nothing more. but at this point i can
> just say we should end this discussion right here because all of you are
> not willing to even think about the cause your server might get hacked
> because of a well known exploit... hope you get away with this
> M$-mentality ("only show bugs we've already got fixed").
Nobody in here wants to hide security-related issues. And there's
nothing against asking about stuff like the aforementioned AWstats
thingy. Which anyway might be a problem for the sites using it, indeed.
But: what's the point in shouting out "SECURITY RISK IN TYPO3!!" when
the (core-)devs haven't even looked at it?
The point is:
- keep it calm and professional
- don't trigger script-kiddies that wouldn't even notice any flaw by
themselves
- give the TYPO3 admins enough time to act _before_ mass-exploiting begins
That's got nothing to do with "M$-mentality" but just with being
professional about such topics.
Anyways: I strongly believe Karsten&Co (i.e. the Sec-Team) will take any
action needed.
my 2c.
Chris