[Typo3] SQL Injection
mscharkow at gmx.net
Fri Mar 4 10:42:42 CET 2005
> And if you should only inform people you can trust, the way to inform them
> is surely _not_ a NG that can be read by almost everybody but a simple
> maling list with a few registered people.
> Anything else is IMHO more than naive behaviour ...
Yep, fully agree here. Maybe I got Bernhard wrong who seemed to reproach
Ries for saying "Yep, it is an exploit" in public. AFTER it is
published, there's not use in keeping the effects secret.
> There is only one possible situation where you are forced to make it public:
> When somebody else is standing on the street crying out, what he knows about
> your door locks.
This is obviously what has happened here, aye?
I did receive a mail from stucki that they are working on it, so Fabian
was perhaps not so polite in revealing it on bugtraq prematurely.
More information about the TYPO3-english