[TYPO3-english] Freesite ext for public use?

Elijah Alcantara elijah.alcantara at gmail.com
Tue Apr 28 17:02:43 CEST 2009


Hi,

I would like to open up a community site using that ext, and each member 
will have their own webpage and optional domain. What security risks 
should I watch out for?

Here's what I've done so far:
- I've disabled many features of the RTE, esp. HTML content.
- the freesite create page is in an iframe that now detects FE login, so 
to create a site it must be a registered user first and is set on a user 
group that changes to a different group with restrictions to prevent multiple 
accounts.
- have set all uploads to 200kb or so, since I haven't found a single 
ext that can monitor how much disk and db space the user has used up 
(to prevent abuse)
- more captcha on forms
- very limited content creation in the backend (mostly text and images)
- I'm using the old version of freesite < 0.2.0; it's heavily 
customized so I can't just upgrade yet. Is there any security issue even 
in the past versions? I checked the changelog and it doesn't seem to say 
anything about those.


Is there anything dangerous that I've missed? How else can this be abused?



Also I have a few concerns:
- my hosting provider can only allow 250k inodes (50k now and with only 
a handful of sites), and knowing TYPO3 it creates too many files in 
uploads and cache files. Is it possible to change some of the 
functionality and save on the db instead? Or is this a bad idea and I 
should just switch hosts?
- aside from inodes, what other issues can pop up from getting a huge 
list of users and page trees?
- anyone know of a good host that doesn't have many limits on inodes and 
should handle a TYPO3 site very well? (I have my eye on mittwald but 
it's in German and I can't translate that)



Thanks for reading,
Elijah


