[TYPO3-dev] Hacked TYPO3 Sites
Dmitry Dulepov
dmitry at typo3.org
Wed Aug 1 14:49:25 CEST 2007
Franz Holzinger wrote:
> IMHO a checksum for the PHP file could be introduced and stored in the
> database with logging and also another file. A warning could be sent to
> the admin, if the checksum of the PHP file has become invalid. This is
> done already in the EM with the extensions files. So only a TYPO3
> backend admin could install new extensions and reset the checksum
> automatically.
If a user cannot modify localconf.php manually, he can say goodbye to
realurl at least. Sometimes it is much easier to modify the configuration
file manually. As to temp_CACHED_*, I am not sure that I like the idea of
a checksum either. I think we will be the first who will start checksumming
PHP files. It looks a bit too much for me. Proper permissions and server
security audits are the right way to go. Checksumming files while
allowing, for example, anonymous write FTP access is a wrong overkill.
--
Dmitry Dulepov
TYPO3 freelancer / TYPO3 core team member
Web: http://typo3bloke.net/
Skype: callto:liels_bugs
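
The two approaches debated in this thread, side by side, as an added example that is not part of the original message or of TYPO3: a SHA-256 baseline of PHP files compared against a later snapshot, plus a check for group- or world-writable files. The function names, the finding labels and the sample tree built by `demo()` are constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile


def snapshot(root):
    """Map each .php file under root to (SHA-256 digest, permission bits)."""
    result = {}
    for folder, _dirs, files in os.walk(root):
        for name in (f for f in files if f.endswith(".php")):
            path = os.path.join(folder, name)
            with open(path, "rb") as handle:
                digest = hashlib.sha256(handle.read()).hexdigest()
            mode = stat.S_IMODE(os.stat(path).st_mode)
            result[os.path.relpath(path, root)] = (digest, mode)
    return result


def audit(baseline, current):
    """Compare two snapshots and return sorted (finding, path) tuples."""
    findings = [("removed", p) for p in baseline if p not in current]
    for path, (digest, mode) in current.items():
        if path not in baseline:
            findings.append(("added", path))
        elif baseline[path][0] != digest:
            findings.append(("modified", path))
        # The permission check runs whether or not the checksum matches.
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(("group-or-world-writable", path))
    return sorted(findings)


def put(path, text, mode):
    """Append text to a file and set its permission bits explicitly."""
    with open(path, "a") as handle:
        handle.write(text)
    os.chmod(path, mode)


def demo():
    """Audit a constructed tree (sample files, not real TYPO3 data)."""
    with tempfile.TemporaryDirectory() as root:
        conf = os.path.join(root, "localconf.php")
        put(conf, "<?php $TYPO3_CONF_VARS = array();\n", 0o644)
        baseline = snapshot(root)
        put(conf, "// manual edit\n", 0o666)  # content and mode both change
        put(os.path.join(root, "dropped.php"), "<?php\n", 0o600)  # new file
        return audit(baseline, snapshot(root))
```

A legitimate manual edit of localconf.php shows up as "modified" exactly like a malicious one, so the baseline has to be refreshed after every intended change; the permission finding does not depend on any baseline.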