[TYPO3-ect] Securing typo3conf

Tonix (Antonio Nati) tonix at interazioni.it
Tue Aug 26 11:30:57 CEST 2008


I've the feeling /typo3conf should be totally forbidden for any web 
access, because it contains too many files (i.e. constants, setup) 
which should not be accessed directly from the web.

So I deny access to /typo3conf in my website configuration, and everything 
works, except for some routines which must be explicitly enabled.
Up to now (for what I'm using now), the paths I must enable are:

    * /typo3conf/ext/sr_freecap/pi1/captcha.php
    * /typo3conf/ext/sr_freecap/pi2/newFreeCap.js
    * /typo3conf/ext/dam_frontend/pushfile.php

But I have some questions:

    * how is the security of the /typo3conf path generally considered?
    * should a zone be introduced where plugins place
      routines/files which should be generally accessible? Should there be
      another place (i.e. like /typo3public/ or /typo3conf/public/)
      where extensions automatically place any file which is
      accessed directly from the web, denying instead any direct access to
      /typo3conf?

Thanks,

Tonino

-- 
------------------------------------------------------------
        Inter at zioni            Interazioni di Antonio Nati 
   http://www.interazioni.it      tonix at interazioni.it           
------------------------------------------------------------
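
The deny-by-default setup with explicit exceptions described in the message, sketched as an added example that is not part of the original post. It assumes Apache 2.4 (the message does not name the web server) and a constructed document root, /var/www/example.

```apache
# Assumptions: Apache 2.4 (mod_authz_core); /var/www/example is a
# constructed placeholder for the site's document root.
# <Directory> is used rather than <Location> so the rule follows the
# file system path and cannot be sidestepped by an alternative URL
# that maps to the same files.

# Default: nothing below typo3conf is served directly.
<Directory "/var/www/example/typo3conf">
    Require all denied
</Directory>

# Exceptions: only the three files listed in the message.
# A <Files> section nested in <Directory> is merged after the
# directory-level rule, so it overrides the inherited denial for
# that one file name and leaves its siblings denied.
<Directory "/var/www/example/typo3conf/ext/sr_freecap/pi1">
    <Files "captcha.php">
        Require all granted
    </Files>
</Directory>

<Directory "/var/www/example/typo3conf/ext/sr_freecap/pi2">
    <Files "newFreeCap.js">
        Require all granted
    </Files>
</Directory>

<Directory "/var/www/example/typo3conf/ext/dam_frontend">
    <Files "pushfile.php">
        Require all granted
    </Files>
</Directory>
```

After reloading, a request for any file under /typo3conf that is not on the list should return 403, while the three listed paths keep working.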


