[Typo3-dev] Security Problem - HTML
Christoph Moeller
chris at byters.de
Tue Sep 23 16:31:12 CEST 2003
René Fritz wrote:
> So why not make the security stronger rather than making workarounds? Which
> means to include the IP from where a user logged in, in the current session.
>
> Then an attacker has to steal the cookie AND has to simulate the IP, which is
> really hard to do.
Good one - /me taking the wooden board off of his forehead...
Should be a fair bit easier than fiddling with regexps to do malicious
HTML code detection/notification.
Is that a big deal in terms of code changes? I personally don't know
exactly at what places the BE cookie is checked.
Chris
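
The check proposed in the quoted message, sketched as an added example (not part of the original post and not TYPO3 code): the session records the login address, and a cookie presented from another address is refused. The names `ipPrefix`, `createSession`, `checkSession` and `$store` are hypothetical, IPv4 is assumed, and the `$octets` parameter is an assumption added for clients whose address changes within one network.

```php
<?php
// Added example: a hypothetical in-memory session store, not TYPO3 code.

/** Keep only the first $octets octets of an IPv4 address (4 = exact match). */
function ipPrefix(string $ip, int $octets): string
{
    $parts = explode('.', $ip);
    if (count($parts) !== 4 || $octets < 1 || $octets > 4) {
        throw new InvalidArgumentException('unsupported address or octet count');
    }
    return implode('.', array_slice($parts, 0, $octets));
}

/** Create a session at login and remember the address it was created from. */
function createSession(array &$store, string $user, string $loginIp): string
{
    $id = bin2hex(random_bytes(16));   // value handed to the browser as the cookie
    $store[$id] = ['user' => $user, 'ip' => $loginIp];
    return $id;
}

/** Return the user name only if the cookie is known AND arrives from the login address. */
function checkSession(array &$store, string $cookie, string $remoteIp, int $octets = 4): ?string
{
    if (!isset($store[$cookie])) {
        return null;                   // unknown or already destroyed session id
    }
    $session = $store[$cookie];
    if (!hash_equals(ipPrefix($session['ip'], $octets), ipPrefix($remoteIp, $octets))) {
        unset($store[$cookie]);        // design choice: a cookie seen elsewhere ends the session
        return null;
    }
    return $session['user'];
}

// Constructed sample data (documentation address ranges). In a real request
// the third argument would be the connecting address, e.g. $_SERVER['REMOTE_ADDR'].
$store  = [];
$cookie = createSession($store, 'editor', '192.0.2.10');

var_dump(checkSession($store, $cookie, '192.0.2.10'));     // cookie from the login address
var_dump(checkSession($store, $cookie, '192.0.2.77', 3));  // same network, 3 octets compared
var_dump(checkSession($store, $cookie, '198.51.100.5'));   // stolen cookie, other address
var_dump(checkSession($store, $cookie, '192.0.2.10'));     // original user after the mismatch
```

Comparing fewer than four octets trades some of the protection for fewer forced logouts when a user's address changes between requests.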