[TYPO3-dev] Info disclosure from extension folders

christian reiter cr at cxd.de
Fri Oct 27 09:35:05 CEST 2006


Hello,

Of course it should only be a notice/instruction.

First, it should not be mandatory simply for the reason that the best
solution is of course to encourage everyone to have only up-to-date, fully
reviewed, secure extensions all the time. Second, of course it doesn?t
affect everyone.

If however you happen to stumble upon a server inside your network that has
tons of old TYPO3 installations, which are partially unsupported by their
original creators, and you do not have the organizational permission to
change them, solutions like this are useful...

greetings,

Christian Reiter



"Martin Kutschker" <Martin.Kutschker at n0spam-blackbox.net> schrieb im
Newsbeitrag news:mailman.1.1161933587.1523.typo3-dev at lists.netfielders.de...
> Dmitry Dulepov schrieb:
> > Hi!
> >
> > Andreas Otto wrote:
> >
> >> Overwriting apache directives using .htaccess is not very resource
> >> friendly.
> >
> >
> > Sometimes you have no choice :) So, instructions should both have
> > httpd.conf and .htaccess way.
>
> Instructions, yes, but no "mandatory" .htaccess settings.
>
> Masi






More information about the TYPO3-dev mailing list