[Typo3] t3-SECURITY???
daniel schiffner
ds at netzspiegel.de
Tue Feb 8 17:57:51 CET 2005
Christoph Moeller wrote:
> But: what's the point in shouting out "SECURITY RISK IN TYPO3!!" when
> the (core-)devs haven't even looked at it?
you didn't even read the thread, did you?
i did NOT shout out t3 is insecure or something like this. as i said i
just wanted to talk about how typo3 might protect even insecure
extensions. and though you're too lazy to look ds at netzspiegel up, i
wrote my name into my account (hope you're all happy now).
> The point is:
> - keep it calm and professional
> - don't trigger script-kiddies that wouldn't even notice any flaw by
> themselves
> - give the TYPO3 admins enough time to act _before_ mass-exploiting begins
i thought it's our problem if there's a new exploit (???)
> That' got nothing to do with "M$-mentality" but just with being
> professional about such topics.
>
indeed it is M$-mentality. open source is like releasing
security-concerning news and fix it within a couple of hours and not
like keeping it unsaid and hoping nobody else discovers it!
> Anyways: I strongly believe Karsten&Co (i.e. the Sec-Team) will take any
> action needed.
i too believe in that! and i'd be willing to help them if they want to
in cause a real bug should occur. that was the reason i started this
thread here!
> my 2c.
> Chris
More information about the TYPO3-english
mailing list