[TYPO3-team-core-v5] Getting rid of index_dev.php - please give feedback
Karsten Dambekalns
karsten at typo3.org
Wed Feb 25 14:15:25 CET 2009
Hi Martin.
On 25.02.2009 12:20 Uhr, Martin Kutschker wrote:
>> The idea of using an environment variable came up in the past, and I
>> tried that today.
>
> Isn't that potentially dangerous? Relying on the environment could be an
> invitation for hackers to try and spoof it.
Maybe, yes. Though I cannot think of any way to spoof the variable if it
is set using SetEnvIf (or SetEnv for that matter).
Which makes a strong case for that way and *not* using mod_rewrite's E
flag to do it - because with that you could not "switch a context off"
by removing a file or configuration line...
So, maybe do it like this: One index.php, it uses the environment
variable. For the web you need to set that manually or with some magic,
depending on your needs. No more predefined magic from our side.
And for those who dislike or cannot use that solution it is still
possible to adjust the tiny bit of index.php to use a hardcoded context
name.
Regards,
Karsten
More information about the TYPO3-team-core-v5
mailing list