[TYPO3-core] RFC: removing symlinks - Report

Karsten Dambekalns karsten at typo3.org
Tue Feb 14 10:51:42 CET 2006


Hi.

On Tuesday 14 February 2006 10:02, Michael Stucki wrote:
> > I fear that Ingmar is right that this might pose a security risk.
>
> I'm not sure if you really understand what I mean. See the attached patch.
> Why should this pose a security risk?!

We can avoid the risk of injecting something via a global variable by defining 
the constant. Of course should people disable register_globals, but why not 
make it idiot-proof[1] if we can?

Plus consistency, blahdiblah. +1 for using constants.

Karsten

[1] nature will always invent better idiots, but why not try to be faster?
-- 
Karsten Dambekalns
TYPO3 Association - Active Member
http://association.typo3.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 307 bytes
Desc: not available
Url : http://lists.netfielders.de/pipermail/typo3-team-core/attachments/20060214/fb02cf1a/attachment.pgp 


More information about the TYPO3-team-core mailing list