[TYPO3-dev] Security Warning

[Michael Scharkow]

Peter Russ wrote:

> So allowing a USER to include any PHP code is similar to stop a firewall 
> and turn off your virus scanner.

Actually, it's more like giving them a root account and expecting you 
could prevent them from doing *anything*.

Steffen, if you let untrusted people in your system, that's *not* a 
vulnerability of the system itself, but a broken security concept.

Cheers,
Michael