[TYPO3-core] RFC #9474: Integrate OpenID authentication support to TYPO3
Dmitry Dulepov
dmitry at typo3.org
Mon Oct 6 11:19:52 CEST 2008
Hi!
Ingo Renner wrote:
> then this is not our problem if he acts this irresponsibly, after all we
> can't cover all cases (especially not the user created stupid ones).
It is not about acting irresponsibly. Lots of problems exists on Windows platform that allow to create such files remotely through exploits. Administrator can be completely unaware of it.
This was the case for "Admin" (AKA "Nimda") virus several years ago. Even NTFS permissions did not always help. You remove the virus and it appears again within seconds. It is just impossible to fight it.
Therefore I think such check is good. It costs nothing (comparing constant to a constant string) but provides better security.
--
Dmitry Dulepov
TYPO3 Core team
My TYPO3 book: http://www.packtpub.com/typo3-extension-development/book
In the blog: http://typo3bloke.net/post-details/duplicate_content_with_realurl/
More information about the TYPO3-team-core
mailing list