[TYPO3-core] RFC: #11710: Remove local loopback bypass in Install Tool Login
Michael Stucki
michael at typo3.org
Mon Aug 17 12:52:43 CEST 2009
Hi Stefan,
>>> Just an idea:
>>> Couldn't we store a 'bypass-ip' in localconf ?
>>> - If it is empty (by default) nobody can login to
>>> install-tool _without_ the file 'ENABLE_INSTALL_TOOL'.
>>> (Same as with removed $_SERVER['REMOTE_ADDR'])
>>> - IF i want to bypass the 'ENABLE_INSTALL_TOOL'-check,
>>> I could enter an IP-Address (localhost=127.0.0.1 or
>>> a local IP=192.x.y.z or my Office-IP=123.321.x.y)
>>
>> Is it so difficult to press the button in the backend for creating the
>> ENABLE_INSTALL_TOOL file?
>
> No, but I don't want to let anybody in, but me ;)
> So I would never create the ENABLE_INSTALL_TOOL file
Idea: Allow an additional parameter in ENABLE_INSTALL_TOOL which
contains whitelisted IP addresses (or masks for them).
Additionally, you could add an input field to the setup module so
creating the file allows specification such value.
- michael
--
Use a newsreader! Check out
http://typo3.org/community/mailing-lists/use-a-news-reader/
More information about the TYPO3-team-core
mailing list