[Typo3] SQL Injection

Karsten Dambekalns karsten at typo3.org
Fri Mar 4 13:19:53 CET 2005


Repeating some things that already have been said:

Peter Russ wrote:
> I'm just wondering how security issues are handled at the moment at
> Typo3. If there is an alert in other software e.g. MySql or IM or PHP
> messages are reposted that can be found everywhere.

Yes, but if everything works as it should, those messages appear *after* the
vendor has been notified and a fix has been provided. Exceptions are made
if the vendor doesn't react (in a realistic time frame) at all or even
refuses to fix something.

> IMHO if there is a problem the only responsible reaction would be "turn
> off this ..." or "check that...". It's not necessary to explain in detail
> how the infection/bug attacks. But it would help to solve problems.

No. Until something is at least checked internally, this doesn't make sense.

> I would like to see that this kind of problems could be handled in a
> professional manner. Why do you try to follow big MS and outperform how
> they handle their vulnerabilities ;-)

Utter nonsense.

Karsten Dambekalns
TYPO3 Association - Active Member
