[Typo3] Security issue with MySQL on Windows
Peter Russ
peter.russ at 4dfx.de
Mon Jan 31 07:48:13 CET 2005
Karsten Dambekalns schrieb:
> Hi Peter.
>
> Peter Russ wrote:
>
>>as you mentioned the main "security hole" is the person setting up
>>Typo3. How many admin/passwords are still unchanged on production sites?
>
>
> Probably better not to know it :/
>
>
>>For example the IM alert: only interesting for PSD files with more than
>>25 layers.... But the impression here is that Typo has a serious problem
>>because IM has a overflow.
>
>
> Yes, but that is why I tried to explain it (the PSD/IM issue) and make clear
> that the way around this is relatively simple.
>
>
>>So I think it's less helpful to just provide the information without
>>explaining the impact on Typo3. What's about a "Security Alert Team":
>>when ever an alert rises they publish a ranking from "no influence on
>>Typo3" upto "Fix it otherwise you site will go done".
>
>
> That is what we have in mind, only are we lacking the infrastructure to do
> this in an orderly way right now. This will change during the spring
> cleaning, if all goes well.
>
> I'll invite everyone then, to discuss the best approach. Is that a deal?
>
> Regards,
> Karsten
>
You're welcome.
Peter.
More information about the TYPO3-english
mailing list