[TYPO3-dev] Install tool access control bypass with loopback devices
Mario Rimann
typo3-coding at rimann.org
Mon Jul 27 10:37:35 CEST 2009
Hi
Marcus Krause wrote:
> When using reverse proxies on localhost, this allows circumventing the
> ENABLE_INSTALL_TOOL file procedure.
Can you provide a more detailed description of the setup, where this
could lead to a problem?
> What I suggest:
> Either completely remove this loopback access control bypass code or
> take configured reverse proxies into account!
As I'm the one that sent in the patch for the IPv6-check, I'm interested
in keeping this loopback-check. Maybe we can take this proxy stuff into
account? How could we do this?
Do you have any input for me? Maybe it's a small thing and we could just
modify that patch (once again). Or if it's a bigger thing, we'll need to
make a separate RFC out of it. But I'm basically interested in keeping
the loopback-check AND adding more security if possible.
Cheers,
Mario