[TYPO3-dev] Install Tool: Deletion suggested!?
Steffen Gebert
steffen at steffen-gebert.de
Thu May 13 10:47:39 CEST 2010
Am 13.05.2010, 10:28 Uhr, schrieb Sebastian Gebhard
<sebastian.gebhard at gmail.com>:
> Currently the install tool states:
>
> This script is a great danger to the security of TYPO3 if you don't
> secure it somehow.
> We suggest one of the following:
> [...]
> * Delete the folder 'typo3/install/' with this script in or just insert
> an 'exit;' line in the script-file there
>
> I'd propose to remove this suggestion from the install tool. It should
> not be deleted, because it is needed for future updates.
>
> The install tool already has two security barriers (password and
> ENABLE_INSTALL_TOOL) and can additionally be secured with a .htaccess
> file. I think that's safe enough..
Yes, please! That's one of the many texts in TYPO3 (and esp. the Install
Tool) i dislike.
Updating the typo3_src reinvents the "big" security problem, so you would
have to always delete the folder/edit the file.
Also I wouldn't call it "is a great danger" - the danger is not bigger
than an admin account.
I already talked to Benni to initiate some text reviews (esp. during
bugday05).
I just started a wiki page [1], where we can collect those texts and then
improve them (e.g. during BD).
Would you be so kind and just add, what you disklike, anybody might not be
able to understand or what is just outdated?
Thanks!
Steffen
[1] http://wiki.typo3.org/index.php/Ugly_Texts
More information about the TYPO3-dev
mailing list