[TYPO3-ect] How can be security threat defined?
Daniel Bruessler
danielb at typo3.org
Wed Apr 2 00:06:41 CEST 2008
Hello Braulio José Solano Rojas,
great that spanish people have such long names: I just have two :-)
If you like you can extend the wiki with an article about security. In
the moment these pages exist:
http://wiki.typo3.org/Category:Topic/security
You should talk to the people from the security-team, because they're
testing the security of extensions:
http://typo3.org/teams/security/
I just read the md5-password what you wrote about, so you can use
another auth-method:
* ldap_auth
* SSO
* rlmp_extdbauth
* bzb_ldapsso
* sf_imap_login
* wk_sslauth
So you see you have thousand possibilities to not have the password
stored in the db.
Cheers!
Daniel
> Hi.
>
> I would like to know how what is considered insecure from an extension
> development point of view. Are there any security good practices manuals
> for TYPO3? IMHO I found the TYPO3 Coding Guidelines manual somehow light
> in terms of security, it does not establishes true security policies.
>
> I also would like to have your opinion on:
> http://bugs.typo3.org/view.php?id=7932.
>
> Just trying to organize better my ideas.
>
> Best regards,
>
> B.
More information about the TYPO3-team-extension-coordination
mailing list