[TYPO3-team-core-v5] Getting rid of index_dev.php - please give feedback

Robert Lemke robert at typo3.org
Mon Mar 2 18:13:24 CET 2009 

Hi Karsten,

Am 25.02.2009 um 11:51 schrieb Karsten Dambekalns:

> Arbitrary contexts - a problem?
>
> Looking at the SetEnvIf line it becomes clear that this will not work
> for index_testing.php or index_funny.php. Adding another SetEnvIf is  
> not
> too hard, but should it be needed?
>
> One solution could be to ucfirst() the context from the environment
> variable, then it would work if combined with a rewrite rule like
>  ^(?:index(?:_([a-z]+))?.php)?(.*)$ /index.php?/$2 [E=FLOW3_CONTEXT: 
> $1]
>
> The drawback would be that one would have to write  
> index_development.php
>
> Is support for arbitrary contexts something we should have? Is it  
> worth
> the trouble?

yes, I think we should support arbitrary contexts. But that doesn't mean
we need multiple index*.php files to support it. FLOW3 could perfectly
check the context environment variable or some other argument itself.

After reading this thread I suggest that we should support two ways  
for switching
to a specific context:

  a) through an environment variable
  b) through a command line argument / GET parameter

The first solution is nice for the mod_rewrite or virtual host  
scenario (eg.
calling http://mysite.com for production and http://dev.mysite.com for  
development
context).

The second solution is easier to handle and allows for ad-hoc  
selection of the
context, similar to manually passing a ?no_cache=1 to TYPO3 v4.

IMO security is a different kettle of fish and should not depend on  
the environment.
Therefore the dev context will come with some security policies which  
are very restrictive
by default and need to be loosened if the dev context is really used.  
The dev context
(like any other non-production context) should be seen as an  
attractive goal for hackers
because it can reveal important information. Therefore it must be well  
protected by default.

My suggestion:

   - only one index.php for all contexts
   - switch via environment variable or command line / GET argument

Cheers,
robert
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: Signierter Teil der Nachricht
Url : http://lists.netfielders.de/pipermail/typo3-team-core-v5/attachments/20090302/e851c796/attachment.pgp

More information about the TYPO3-team-core-v5 mailing list