[TYPO3-dev] Thoughts about security in BE
Marcus Krause
marcus.krause at tu-clausthal.de
Fri Jan 18 12:08:06 CET 2008
Hi Devs!
As XSS is a major problem mainly for third-party extensions and affects not only
them but also TYPO3 itself (BE etc.) and you simply cannot review them all, I
would suggest securing security-related functions in BE.
In my opinion this would include the following:
- Password changes to user accounts require the old/current password
- before using extension phpmyadmin you should be explicitly requested to insert
the current password
- before installing extensions with ext-manager you should be explicitly requested
to insert the current password
What do you think? Any more points to be added to above list?
Cheers,
Marcus.