[Typo3] SQL Injection

Michael Scharkow mscharkow at gmx.net
Fri Mar 4 10:42:42 CET 2005

JoH wrote:

> And if you should only inform people you can trust, the way to inform them
> is surely _not_ a NG that can be read by almost everybody but a simple
> maling list with a few registered people.
> Anything else is IMHO more than naive behaviour ...

Yep, fully agree here. Maybe I got Bernhard wrong who seemed to reproach 
Ries for saying "Yep, it is an exploit" in public. AFTER it is 
published, there's not use in keeping the effects secret.

> There is only one possible situation where you are forced to make it public:
> When somebody else is standing on the street crying out, what he knows about
> your door locks.

This is obviously what has happened here, aye?

I did receive a mail from stucki that they are working on it, so Fabian 
was perhaps not so polite in revealing it on bugtraq prematurely.


More information about the TYPO3-english mailing list