[TYPO3-dev] Security Warning
Michael Scharkow
michael at underused.org
Wed Feb 8 09:55:08 CET 2006
Dmitry Dulepov wrote:
> What harm can you do *remotely* using mysql user name and password? If
> you can upload any acript to the site, you can do almost anything (for
> example, erase localconf.php and block typo3 site completely) but mysql
> user name and password will not help you to upload such script.
In Steffen's scenario, users *can* already mess with local php scripts,
no need to upload one.
More information about the TYPO3-dev
mailing list