[TYPO3-dev] Hacked TYPO3 Sites

Franz Holzinger franz at fholzinger.com
Wed Aug 1 09:34:40 CEST 2007


Hello Martin,

> Would it be security-wise better to remove PHP config files in favour of
> XML files (with XML-CASE-constructs and PHP post-processing hooks) and
> caching with serialized arrays?

IMHO a checksum for the PHP file could be introduced and stored in the
database with logging and also another file. A warning could be sent to
the admin, if the checksum of the PHP file has become invalid. This is
done already in the EM with the extension files. So only a TYPO3
backend admin could install new extensions and reset the checksum
automatically.

- Franz
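
The check proposed in the message above, sketched as an added example (not part of the original post and not TYPO3 code). The table name `file_checksum`, the sidecar file and all function names are hypothetical; an in-memory SQLite database stands in for the site database.

```php
<?php
// Added illustration: table, paths and function names are hypothetical.
function configDigest(string $path): string {
    $h = hash_file('sha256', $path);
    if ($h === false) throw new RuntimeException("cannot read $path");
    return $h;
}

// Meant to be called only from an authenticated backend admin action.
function resetBaseline(PDO $db, string $sidecar, string $path): void {
    $digest = configDigest($path);
    $db->prepare('REPLACE INTO file_checksum (path, sha256) VALUES (?, ?)')
       ->execute([$path, $digest]);
    file_put_contents($sidecar, $digest, LOCK_EX);
}

// Returns a list of findings; an empty list means both baselines match the file.
function verifyConfig(PDO $db, string $sidecar, string $path): array {
    $stmt = $db->prepare('SELECT sha256 FROM file_checksum WHERE path = ?');
    $stmt->execute([$path]);
    $fromDb = $stmt->fetchColumn();
    $fromFile = is_readable($sidecar) ? trim(file_get_contents($sidecar)) : false;
    $current = configDigest($path);
    $findings = [];
    if ($fromDb === false || $fromFile === false) {
        $findings[] = 'baseline missing';
    } elseif (!hash_equals($fromDb, $fromFile)) {
        $findings[] = 'baselines disagree (one store was altered)';
    }
    foreach (['database' => $fromDb, 'sidecar' => $fromFile] as $store => $expected) {
        if ($expected !== false && !hash_equals($expected, $current)) {
            $findings[] = "file differs from $store baseline";
        }
    }
    return $findings;
}

// Constructed demo: temp files and in-memory SQLite stand in for the real site.
$config = tempnam(sys_get_temp_dir(), 'cfg');
$sidecar = tempnam(sys_get_temp_dir(), 'sum');
file_put_contents($config, "<?php\n\$TYPO3_CONF_VARS['SYS']['sitename'] = 'Demo';\n");
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE file_checksum (path TEXT PRIMARY KEY, sha256 TEXT)');
resetBaseline($db, $sidecar, $config);
file_put_contents($config, "\n// changed outside the backend\n", FILE_APPEND);
foreach (verifyConfig($db, $sidecar, $config) as $f) {
    error_log("config integrity warning: $f"); // stand-in for mailing the admin
}
```

Keeping the baseline in two stores means a change to the PHP file plus one rewritten checksum still shows up as a disagreement; the sidecar file only adds value if the web server user cannot write to it.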