[Typo3-dev] typo3 security team

Peter Russ peter.russ at 4dfx.de
Thu Sep 25 17:16:34 CEST 2003


René Fritz schrieb:

[...]

> It might not be bad to have an additional document which describes how to 
> write safe plugins/code or the other way around to show how it is wrong.
> 
> Even if I'm a extension reviewer I'm not really into security issues and would 
> like to read such a document.
> 
> So Martin, do you volunteer to start such a document? :-)
> 
> René

This might be a very difficult project.
What is safe or unsecure?
I believe it always depends on the enviroment and requirement.

Examples:
A knife in my hand might be safe as I intend to slice bread. But becames 
pretty dangerous for a chicken when it comes too close. So making the 
knife safe for the chicken is making the knife worthless for slicing bread!

Offering an extension to backup the typo installation always includes 
the risk that someone might steal your password using your extension 
directly or slightly altered.

So which level of security is required?
Is always depends on the circumstances.

Gruss. Peter.









More information about the TYPO3-dev mailing list