[TYPO3-dev] [TYPO3-v4] Removing the feature "Enable extensions without review (basic security check)" from EM
Ries van Twisk
typo3 at rvt.dds.nl
Thu May 13 00:56:32 CEST 2010
On May 12, 2010, at 5:52 PM, Marcus Krause wrote:
> Oliver Klee schrieb am 05/12/2010 11:19 PM Uhr:
>
>> I propose removing the checkbox, and adding a warning flash message
>> (with a warning about that extensions from the TER might be insecure)
I have never seen any software telling me that there software is
insecure :)
However, may all extensions in TER should be considered 'third party'
giving a user the impression/feeling it doesn't belong to TYPO3 core.
just thinking out loud.
For me if any software off-hand tells me it's insecure then I can only
imagine
that there are known issue not fixed and I better off not use it!!
again,
the same feeling as above.
What would you do if you buy a car and it states : 'This care is
insecure because it contains
third party components, use at your own risc' ?
>> the first time a user imports an extension from the TER. We then can
>> store in BE_USER->uc whether the user already has seen that warning.
Q: Is it possible for a user to look back at what warning messages a
user has seen?
Or... Reset the warning messages so they pop-up again?
Most users click away any message that see and will always forget what
they have seen.
>>
>> This will create abovementioned awareness without the usability issue
>> that new users don't know why they cannot find certain extensions.
>
> Nice suggestion.
>
> Marcus.
>
> --
> Member TYPO3 Security Team
> Blog on TYPO3 Security: http://secure.t3sec.info/blog/
> _______________________________________________
> TYPO3-dev mailing list
> TYPO3-dev at lists.typo3.org
> http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-dev
More information about the TYPO3-dev
mailing list