[TYPO3-dev] Hacked TYPO3 Sites
Martin Kutschker
Martin.Kutschker at n0spam-blackbox.net
Wed Aug 1 10:09:01 CEST 2007
Franz Holzinger wrote:
> Hello Martin,
>
>> Would it be securitywise better to remove PHP config files in favour of
>> XML files (with XML-CASE-constructs and PHP post-processing hooks) and
>> caching with serialized arrays?
>
> IMHO a checksum for the PHP file could be introduced and stored in the
> database with logging and also another file. A warning could be sent to
> the admin, if the checksum of the PHP file has become invalid. This is
> done already in the EM with the extensions files. So only a TYPO3
> backend admin could install new extensions and reset the checksum
> automatically.
But if I can write, I can easily read any salts needed to create the
checksum myself.
Masi
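
Added example, not part of the original messages: the checksum proposal and the objection to it, worked through in Python. The file name, key and the two reference stores are constructed assumptions; the point shown is that a salted checksum only flags a change while the salt and the stored reference stay out of reach of whoever can write the file.

```python
import hashlib
import hmac
import os
import tempfile


def keyed_checksum(path, key):
    """HMAC-SHA256 over the file contents; `key` plays the role of the salt."""
    with open(path, "rb") as fh:
        return hmac.new(key, fh.read(), hashlib.sha256).hexdigest()


def matches(path, key, reference):
    """True when the file still matches the stored reference checksum."""
    return hmac.compare_digest(keyed_checksum(path, key), reference)


def demo():
    key = b"constructed-salt"  # assumption: stored where the web application can read it
    with tempfile.TemporaryDirectory() as tmp:
        cfg = os.path.join(tmp, "config.php")  # constructed stand-in for a PHP config file
        with open(cfg, "w") as fh:
            fh.write("<?php $conf['debug'] = 0;\n")

        # Baseline taken by the admin, kept in two places (both hypothetical):
        in_reach = keyed_checksum(cfg, key)   # e.g. a table the web application can write
        out_of_reach = in_reach               # e.g. a copy on a host the web account cannot touch

        # The config file changes outside the admin workflow.
        with open(cfg, "w") as fh:
            fh.write("<?php $conf['debug'] = 1;\n")
        change_detected = not matches(cfg, key, in_reach)

        # Whoever holds the web application's rights can read the key and refresh the
        # reference that lives within reach, so that check passes again.
        in_reach = keyed_checksum(cfg, key)
        return {
            "change_detected": change_detected,
            "in_reach_passes_after_refresh": matches(cfg, key, in_reach),
            "out_of_reach_passes_after_refresh": matches(cfg, key, out_of_reach),
        }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Only the reference kept outside the web application's reach still reports the change after the refresh.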