[TYPO3-dev] Security Warning
Steffen Müller
steffen at kommwiss.fu-berlin.de
Wed Feb 8 10:38:38 CET 2006
Hi Steffen,
Steffen Kamper wrote:
> My point was that there are some points of vulnerability everyone should know
> so you can pretend users using php. That is one point more to think at when
> configuring BE Usergroup. On some Systems ext like php_page_content is
> needed for some add. features so you must hide it for the normal BE Users.
> Also the possibility to write TS.
>
> Cause of that I wanted this discussion, maybe to show some more points of
> vulnerability - there are surely some more, and some ext should be aware too
1. We have a mailing list for security issues. Please use it next time
for security related questions and possible vulnerabilities. Simply
write an email to: typo3-project-security at lists.netfielders.de
2. As already said: If you can't trust your non-admin users - never
allow them to enter custom php code. Think twice about a solution to
avoid this. If you can not fiddle a way to do this, ask someone to help.
--
cheers,
Steffen