[TYPO3-dev] [TYPO3-core] RFC #12094: Bug: stdWrap function fullQuoteStr

JoH asenau info at cybercraft.de
Fri Oct 2 16:42:53 CEST 2009


> It is not the first and not the last time when different security
> issues are discussed openly. Sometimes people simply do not
> understand that it is dangerous. Therefore it is much better that
> *anything* related to security goes through the security team. False
> alarm is better than missed alarm. Ever saw it from this point of
> view?

Well, this issue already has been discussed with people from the security
team, since we first discovered it while writing the TYPO3 cookbook in 2005.
After all it doesn't seem to be an issue for the security team, because
there is no hole in the TYPO3 code or an extension as such, since the "hole"
is just sitting in front of the screen.

So the whole discussion is not about real security issues but about comfort
features for integrators that might help them to *avoid* security holes
when creating their own TypoScript code.

HTH

Joey

-- 
Wenn man keine Ahnung hat: Einfach mal Fresse halten!
(If you have no clues: simply shut your gob sometimes!)
Dieter Nuhr, German comedian
Xing: http://contact.cybercraft.de
Twitter: http://twitter.com/bunnyfield
TYPO3 cookbook (2nd edition): http://www.typo3experts.com
TYPO3 workshops: http://workshops.eqony.com





