[TYPO3-english] TYPO3.ORG hacked

Andreas Becker ab.becker at web.de
Mon Nov 17 05:43:18 CET 2008

Passwords forth and back
As long as TYPO3 stores user data on different places, as long as xtimes
personal data get stored on xdifferent places and no coordination takes
place at all - TYPO3 will always be not so userfriendly and that is a pitty.

There is so much coordination going on why nobody simply tries to figure out
to reduce all those personal datas to one and only place.
Then integrate this one and only place as a "Fort Knox" into the Core and
make TYPO3 more secure.

If you generally look to modern CMS Systems which have been programmed in
the last few months you'll see that they all focus in their basic edition on
a very simple but effectfull standard set.
All include a secure login solution for front and backend
All store personal data not on x different places in x different ways
All include easy accessible filemanagement
Al include some very good basic seo features
All are able to rewrite URLs without the hazzle like it is caused in TYPO3
All come a long with a standard set of ready to use extensions/modules like
- news/blog
- simple ecommerce
- login solution
- some even with a gallery
- online editor

Having something similar in TYPO3 would reduce lots of stress in how to
setup a secure and working solution for front and backend. And it would
start with a secure running system. Simple try to make TYPO3 not only more
secure but also more userfriendly.

A human factor where somebody with admin access "kidnapps" passwords will
exist in any System but even here I guess encrypting password or using md5
would make it a bit more difficult even for this admin user to get and use
the passwords in cleartext.

Thinks like just happened are mostly depending on a human factor which can't
be excluded at all but we should be able to make it much more difficult for
those people to get our data in plain text.


Thanks a lot! Greetings from ICT Innovation Paradise Andi Blog:
http://andibecker.lisandi.com Map: http://maps.lisandi.com Album:
http://pics.lisandi.com Videos: http://video.lisandi.com Projects:
http://www.t3log.info T3Pack - TYPO3 Development, TEAM 3 - Eternal
Project Management LisAndi Co. Ltd. - The future is within us! POWER4 -
The empowering people!

More information about the TYPO3-english mailing list