[TYPO3-core] RFC: #11710: Remove local loopback bypass in Install Tool Login
Stefan Geith
typo3dev2008.nospam1 at geithware.de
Fri Aug 28 12:54:07 CEST 2009
Steffen Kamper schrieb:
> Hi,
>
> Stefan Geith schrieb:
>> Steffen Kamper schrieb:
>>> Hi Stefan,
>>>
>>> it's more easy: open the file and insert KEEP_FILE and the file won't
>>> be deleted.
>> Yes, but then everybody from the world wide world
>> can try to guess my install-password ...
>>
>
> how is this related to the password? It just prevent the file from
> delete. And: using KEEP_FILE shouldn't be used on a live server ;)
You asked:
> Anyway it's annoying for me on my local machine to be asked for file
> creation. Any suggestions for lazy devs (without patching it to 1==1)?
An _that_ was my answer: Use file 'INSTALL_IP_LIST' (see my post)
BTW: i _never_ have ENABLE_INSTALL_TOOL-Files in my installations.
I always patch install/index.php to allow only my (static) IP-Address.
/Stefan
More information about the TYPO3-team-core
mailing list