[TYPO3-core] Fwd: [TYPO3-dev] Improvement against SQL injections

Martin Kutschker martin.kutschker-n0spam at no5pam-blackbox.net
Sat Aug 4 19:24:21 CEST 2007


Michael Stucki schrieb:
> Hi all,
> 
> I have been asked by Lars if I could forward his message to this list. So here 
> it is. Please keep in mind to not start any discussion about it in here but 
> in the dev list (= public discussion) instead.

The only commment that I have is that I wouldn't use a (executable) PHP 
file but some text data or a serialized array. The file itself could be 
protected by a checksum as well to prevent simple tampering with it. *

Masi

* too bad the salt is open for everyone (but better than nothing).


More information about the TYPO3-team-core mailing list