[TYPO3-ect] Securing typo3conf
Tonix (Antonio Nati)
tonix at interazioni.it
Tue Aug 26 11:30:57 CEST 2008
I've the feeling /typo3conf should be totally forbidden for any web
access, because it contains too many files (i.e. constants, setup)
which should not be accessed directly from the web.

So I deny access to /typo3conf in my website configuration, and
everything works, except for some routines which must be explicitly
enabled.
Up to now (for what I'm using now), the paths I must enable are:
* /typo3conf/ext/sr_freecap/pi1/captcha.php
* /typo3conf/ext/sr_freecap/pi2/newFreeCap.js
* /typo3conf/ext/dam_frontend/pushfile.php

But I have some questions:
* how is the security of the /typo3conf path generally considered?
* should a zone be introduced where plugins should place
  routines/files which should be generally accessible? Should
  another place exist (i.e. like /typo3public/ or /typo3conf/public/)
  where extensions should automatically place any file which is
  accessed directly from the web, denying instead any direct access
  to /typo3conf?

Thanks,
Tonino
--
------------------------------------------------------------
Inter at zioni Interazioni di Antonio Nati
http://www.interazioni.it tonix at interazioni.it
------------------------------------------------------------
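
Added example, not part of the original message: one way to write the deny-by-default rule and the three exceptions listed above as web server configuration. It assumes Apache httpd 2.4 and a document root of /var/www/example; the message names neither the server nor the path.

```apache
# Added example. Assumptions: Apache httpd 2.4 (mod_authz_core) and a
# document root of /var/www/example; adjust both to the actual site.

# Deny by default: nothing below typo3conf is served directly.
<Directory "/var/www/example/typo3conf">
    Require all denied
</Directory>

# Exceptions: one exact file name per directory. A <Files> section nested
# in <Directory> is applied after the directory rules, and with the default
# "AuthMerging Off" its Require replaces the inherited deny.
<Directory "/var/www/example/typo3conf/ext/sr_freecap/pi1">
    <Files "captcha.php">
        Require all granted
    </Files>
</Directory>

<Directory "/var/www/example/typo3conf/ext/sr_freecap/pi2">
    <Files "newFreeCap.js">
        Require all granted
    </Files>
</Directory>

<Directory "/var/www/example/typo3conf/ext/dam_frontend">
    <Files "pushfile.php">
        Require all granted
    </Files>
</Directory>
```

A <Directory> section also covers its subdirectories and <Files> matches on the file name only, so each exception admits a file of that name anywhere below the listed directory. The exception list needs a review whenever an extension is added or updated.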