[Typo3-dev] Security Problem - HTML
René Fritz
r.fritz at colorcube.de
Tue Sep 23 20:24:34 CEST 2003
> This might be a problem as the IP address
> 1) might change if it is a dialed connection or with timeout
> 2) with router you might see only 1 IP address for tons of user. So if
> the attacker is within the same company -> no win. So you could also
> check the port number. But this changes on every request.
Yes that's are the drawback's. But I will provide an extension which will
check the IP.
But I really don't care about the described security problem.
Anyway, it would be nice if somebody can provide an english description about
the problem I can publish with the extension documentation.
> and here the problem might even exists with unkown users) as the article
> on Heise was revised and no longer limits the Exploit to Typo3 ;)
Yes but still there you can read
"Thomas Bley from Simple Groupware Solutions found *several* security holes
..." What does that mean.
And they refer to general PHP cross site problems, but this problem is related
to JS, or not?
René
--
COLORCUBE
digital media lab
www.colorcube.de
More information about the TYPO3-dev
mailing list