[TYPO3-dev] Security Warning
Christian Lerrahn
typo3 at penpal4u.net
Fri Feb 10 03:00:03 CET 2006
On Wed, 08 Feb 2006 11:46:29 +0100
Michael Stucki <michael at typo3.org> wrote:
> Steffen Kamper wrote:
>
> > My point was that there are some points of vulnerability everyone should
> > know so you can pretend users using php. That is one point more to think
> > at when configuring BE Usergroup. On some Systems ext like
> > php_page_content is needed for some add. features so you must hide it for
> > the normal BE Users. Also the possibility to write TS.
> >
> > Cause of that I wanted this discussion, maybe to show some more points of
> > vulnerability - there are surely some more, and some ext should be awared
> > too
> > :)
>
> Great work, Steffen! Will you post all of them on this public mailing list?
That's what you call "full disclosure". ;-) Maybe it would be good to
read the code of conduct of some security mailing list like Bugtraq or
so, especially as there is something called "Typo3 security team".
@Steffen: I understand your concern and it is worth being discussed, but
if you see a security problem, shouldn't you contact the security team first?
Christian
--
My word will not return to me empty, but
will do what pleases me, and it will succeed in that for which I
send it.
Isaiah 55:11
As many as received Jesus, to them he gave power to become
children of God, to those who believe in his name.
John 1:12