[Typo3] SQL Injection - READ THIS PLEASE.

Peter Russ peter.russ at 4many.net
Fri Mar 4 16:25:21 CET 2005


Michael Stucki schrieb:

> Stefan Neufeind wrote:
> 
> 
>>For reference - it was also announced here:
>>http://secunia.com/advisories/14465/
> 
> 
> Plus many other places. Argh, I hate this! Again:
> This is a 3rd party extension!!
> 
> Why does noone want to mention this?
> 
> Is Linux insecure because Apache has a leak?
> 
> I highly vote for no longer publishing any 3rd party extensions without
> having them reviewed...! :-|
> 
> - michael
Nope that not quite right:

Linux is not the frame work as Apache can run under different OSes. So 
if you want to compare you should do it apple by apple.

I'm just wondering again:
If Typo3 is interested in supporting extensions and missed to come up 
with a process to differentiate between experimental, alpha, beta, 
testing, stable and let the developer decide without QA ... Who creates 
the problems: the chicken or the egg?

By the way: what is a 3rd party extension at open source? And who is 
debugging the core Typo3 or 2nd party products? What's about the "hidden 
features" of the 1st party...

If you want developers to publish their extension at typo3.org you also 
have to accept the consequences if s.th. goes wrong. Or different place 
has to be established.

Regs. Peter.

---
_____________________________
4Many Services
http://www.4many.net              http://www.4dfx.de

Kundenserver/Customer server
http://www.typo3-server.net



More information about the TYPO3-english mailing list