[Typo3] SQL Injection
Michael Scharkow
mscharkow at gmx.net
Fri Mar 4 10:03:20 CET 2005
Kraft Bernhard wrote:
> The list is a closed (restricted) one. Just some people are on it. It
> isn't good to have too many people knowing of security leaks. Some could
> do bad things.
Oh, yes. It's far better to leave the hundreds of TYPO3 admins
uninformed and have their sites broken into. I see you're adhering to the
well-established Microsoft security policy.
I fully agree with what Peter wrote, that we need professional security
handling:
1. Announce the vulnerability in public without the details, so I may
shut down the Extension or react in other appropriate ways.
2. Post the full disclosure to the closed security list and the
maintainer of the code, who then *quickly* fixes this and releases a public
security advisory.
Please no more blackboxes or "forward this privately to XXX"!
Greetings,
Michael