[TYPO3-core] RFC: removing symlinks - Report
Karsten Dambekalns
karsten at typo3.org
Tue Feb 14 10:51:42 CET 2006
Hi.
On Tuesday 14 February 2006 10:02, Michael Stucki wrote:
> > I fear that Ingmar is right that this might pose a security risk.
>
> I'm not sure if you really understand what I mean. See the attached patch.
> Why should this pose a security risk?!
We can avoid the risk of injecting something via a global variable by defining
the constant. Of course should people disable register_globals, but why not
make it idiot-proof[1] if we can?
Plus consistency, blahdiblah. +1 for using constants.
Karsten
[1] nature will always invent better idiots, but why not try to be faster?
--
Karsten Dambekalns
TYPO3 Association - Active Member
http://association.typo3.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 307 bytes
Desc: not available
Url : http://lists.netfielders.de/pipermail/typo3-team-core/attachments/20060214/fb02cf1a/attachment.pgp
More information about the TYPO3-team-core
mailing list