[Typo3] Security issue with MySQL on Windows

[Karsten Dambekalns]

Hi Peter.

Peter Russ wrote:
> Karsten Dambekalns schrieb:
>> I'd like to point out a security issue that has been published yesterday
>> by MySQL AB. It affect those who run MySQL on windows machines. Detailed
 ...
> And what's about the alerts on Debian, Microsoft, Free-BSD etc...
> Didn't you read that?
> Sorry I forgot PHP to mention!
> If we would always re-publish all alerts here it would be redundant.

I see your point. My intention is not to republish all those annoucnements
here. But we discussed the point of relaying security issues with
components that are central to the majority of TYPO3 setup during the tour,
and I still think this is a good idea.

It would only be about things like IM, MySQL, Apache, PHP any maybe some
more (remember, this has been pointed out a number of times, and noone
complained; the same holds true for IM). It's not about fundamental things
in every distribution or OS (those are the job of an admin).

Of course we expect every TYPO3 admin to take care of this on their own, but
this is unrealistic - sad but true. Now if some hole in some major
component makes TYPO3 systems vulnerable, and the damage is already done,
what then? We can rightfully point to the real cause a thousand times. it
will still shed a wrong light on the project.

This is why default permissions were discussed lately in the security team -
the release packages are easy to install, but not secure per default.
Everyone *should* read the README and secure their setup, but... So this
will change: rather have frustrated (first time) users then insecure
setups.

> I would apprecicate if we could concentrate on Typo3.

Sure. So, if the above is nonsense, we won't do it again. I mean it. Any
suggestions and comments?

Regards,
Karsten