[Typo3] Security issue with MySQL on Windows

Karsten Dambekalns k.dambekalns at fishfarm.de
Mon Jan 31 00:46:14 CET 2005


Hi Peter.

Peter Russ wrote:
> as you mentioned the main "security hole" is the person setting up
> Typo3. How many admin/passwords are still unchanged on production sites?

Probably better not to know it :/

> For example the IM alert: only interesting for PSD files with more than
> 25 layers.... But the impression here is that Typo has a serious problem
> because IM has an overflow.

Yes, but that is why I tried to explain it (the PSD/IM issue) and make clear
that the way around this is relatively simple.

> So I think it's less helpful to just provide the information without
> explaining the impact on Typo3. What about a "Security Alert Team":
> whenever an alert rises they publish a ranking from "no influence on
> Typo3" up to "Fix it otherwise your site will go down".

That is what we have in mind, only we are lacking the infrastructure to do
this in an orderly way right now. This will change during the spring
cleaning, if all goes well.

I'll invite everyone then, to discuss the best approach. Is that a deal?

Regards,
Karsten



