[TYPO3-v4] Automatically enabled install tool
Ernesto Baschny [cron IT]
ernst at cron-it.de
Wed Aug 3 00:05:43 CEST 2011
Hi Helmut,
could you please point us to the particular issue / review in gerrit
which introduced this change? Thanks!
Cheers,
Ernesto
Helmut Hummel schrieb am 02.08.2011 23:52:
> Hi,
>
> there have been a lot of discussions about automatically enabling the
> install tool and I regularly fought against it.
>
> Now it has been merged into 4.6beta and I'm a bit tired of fighting
> against it.
>
> That is the status (AFAIK):
>
> 1. The install tool (still is) a great danger for a TYPO3 installation.
> TYPO3 sites have been hacked because the install tool was
> (permanently) available (of course not only because of that).
> 2. If an admin clicks on the install backend module he install tool is
> enabled for 1h (independently of a logged in admin user)
> 3. While it is easy to enable, the disable button is still hidden in
> the user settings.
>
> From a admin user perspective it is of course nicer/ easier this way and
> it is much more integrated into the backend.
>
> What I do not like about it:
>
> I tells the wrong message.
>
> 1. It looks like a normal module now, but it's not.
> 2. There's no information/ confirmation any more that accessing/
> activating the install could be something dangerous.
> 3. Disabling the install tool is much more complicated than enabling it.
> 4. If I accidently click on the install tool menu item (although
> wanted to go to the log module), I enable it, exposing the
> TYPO3 installation to an unnecessary risk.
>
>
> I kindly ask to rethink this decision, or at least implement it in a way
> which does not make the install tool look like a regular backend module.
> It is not.
>
> Thanks.
>
> Kind regards,
> Helmut
>
More information about the TYPO3-project-v4
mailing list