[TYPO3-core] RFC: #11368: ENABLE_INSTALL_TOOL file should be ignored if older than one hour

Steffen Ritter info at rs-websystems.de
Sun Jun 21 18:49:21 CEST 2009


Michael Stucki wrote:
> Again, now with proper subject :-)
> 
> - michael
> 
> Michael Stucki wrote:
>> This is an SVN patch request.
>>
>> Type: Minor security enhancement
>>
>> Bugtracker references:
>> http://bugs.typo3.org/view.php?id=11368
>>
>> Branch: TYPO3_4-1, TYPO3_4-2, Trunk
>>
>> Problem:
>> To enable access to the Install Tool, a file 
>> typo3conf/ENABLE_INSTALL_TOOL must be created.
>> In cases of an insecure Install Tool password, it would be helpful if 
>> that file is automatically removed if it is older than one hour. This 
>> assures that an admin has explicitly unlocked the Install Tool within 
>> the last hour.
>>
>> Solution:
>> Remove the file if it is older than 1 hour.
>> Additionally, I have slightly adjusted the error message and changed 
>> the syntax from one huge line to smaller pieces.
>>
>> - michael
>>
> 
> 
-1, please take care that the last admin logout was more than one 
hour ago, or make it configurable...

Admins should be mature and not treated like children. It's good to have 
this ENABLE_INSTALL_TOOL, but please do not delete it like you want to.

Thinking about a day like today, using my free time updating and 
improving a site of an association I'm a member of, working all 
day with less power (since it's Sunday, I wanna have a cup of coffee and 
so on), I just don't want to recreate this file every hour...
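
The check under discussion, sketched as an added example (not the patch from the bug tracker and not TYPO3 core code). The function name, the $maxAge parameter standing in for the "make it configurable" request, and the demo file path are assumptions for illustration.

```php
<?php
/**
 * Hypothetical helper: returns true only if the enable file exists and is
 * no older than $maxAge seconds. A stale file is removed so the Install
 * Tool stays locked until an admin recreates it. Fails closed on errors.
 */
function installToolEnableFileIsValid(string $path, int $maxAge = 3600, ?int $now = null): bool
{
    $now = $now ?? time();
    // PHP caches stat results; drop them so we read the current mtime.
    clearstatcache(true, $path);

    // Accept only a regular file. A symlink could point at a file whose
    // timestamp is kept fresh somewhere else.
    if (is_link($path) || !is_file($path)) {
        return false;
    }

    $mtime = filemtime($path);
    if ($mtime === false) {
        return false;
    }

    // A negative age means the mtime lies in the future (clock skew or a
    // deliberately forward-dated file); treat it as stale, not as fresh.
    $age = $now - $mtime;
    if ($age >= 0 && $age <= $maxAge) {
        return true;
    }

    // Stale: try to remove it. Access is denied whether or not the
    // removal succeeds, so a read-only typo3conf/ cannot keep it unlocked.
    if (!@unlink($path)) {
        error_log('Could not remove stale enable file: ' . $path);
    }
    return false;
}

// Constructed demo on a temporary file, not a real typo3conf/ directory.
$file = sys_get_temp_dir() . '/ENABLE_INSTALL_TOOL_demo_' . getmypid();
touch($file);                                   // file created just now
var_dump(installToolEnableFileIsValid($file));
touch($file, time() - 7200);                    // mtime set two hours back
var_dump(installToolEnableFileIsValid($file));
var_dump(file_exists($file));                   // was the stale file removed?
```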

