[TYPO3-dev] Thoughts about security in BE
Marcus Krause
marcus.krause at tu-clausthal.de
Fri Jan 18 12:31:47 CET 2008
Georg Ringer wrote:
> Hi Marcus,
>
> changes concerning extensions can just be done by an admin, and an admin
> should know what he does!
If someone hijacked an admin account via XSS, the admin is someone else, not the
person that you intended to be admin!
> And I guess no hack works via the backend but directly to the database with
> an UPDATE/INSERT/DELETE query.
Think about the person described above firing a "TRUNCATE TABLE pages" with phpMyAdmin!
> so a -1 for me
Maybe think about it again! ;-)