[Typo3] SQL Injection
Karsten Dambekalns
karsten at typo3.org
Fri Mar 4 13:19:53 CET 2005
Hi.
Repeating some things that already have been said:
Peter Russ wrote:
> I'm just wondering how security issues are handled at the moment at
> Typo3. If there is an alert in other software e.g. MySql or IM or PHP
> messages are reposted that can be found everywhere.
Yes, but if everything works as it should, those messages appear *after* the
vendor has been notified and a fix has been provided. Exceptions are made
if the vendor doesn't react (in a realistic time frame) at all or even
refuses to fix something.
> IMHO if there is a problem the only responsible reaction would be "turn
> off this ..." or "check that...". It's not necessary to explain in detail
> how the infection/bug attacks. But it would help to solve problems.
No. Until something is at least checked internally, this doesn't make sense.
> I would like to see that this kind of problems could be handled in a
> professional manner. Why do you try to follow big MS and outperform how
> they handle their vulnerabilities ;-)
Utter nonsense.
Karsten
--
Karsten Dambekalns
TYPO3 Association - Active Member
http://association.typo3.org/