[TYPO3-dev] [TYPO3-v4] Removing the feature "Enable extensions without review (basic security check)" from EM

Ernesto Baschny [cron IT] ernst at cron-it.de
Thu May 13 09:15:16 CEST 2010


Oliver Klee wrote on 12.05.2010 23:19:

> I propose removing the checkbox, and adding a warning flash message
> (with a warning that extensions from the TER might be insecure)
> the first time a user imports an extension from the TER. We then can
> store in BE_USER->uc whether the user already has seen that warning.
> 
> This will create the above-mentioned awareness without the usability issue
> that new users don't know why they cannot find certain extensions.
> 
> Opinions?


Since we have the information about which extensions and versions are
"reviewed" in TER, we could as well display the information on the
"search result" page, and also in a potential new flash message when an
extension is installed:

1) extension is not reviewed = a warning like you suggested (red): "this
extension comes from a third party and was not reviewed by security
blalba, do you really want to install it?"

2) extension was reviewed = let the user install it with the notice
(green): "this extension was reviewed by our team on xx.yy.2008. It was
considered secure at that time, so you are probably on the safe side".


This way we can continue to have the idea of reviews in the backend and
use it also for future "class-A" extensions.

Cheers,
Ernesto
