[TYPO3-core] RFC: #11368: ENABLE_INSTALL_TOOL file should be ignored if older than one hour
Xavier Perseguers
typo3 at perseguers.ch
Sun Jun 21 19:41:30 CEST 2009
Hi Ingmar,
> I just talked to Michael about this, and he will adopt the patch, so
> that it will allow for longer sessions in the install tool, by touching
> the file at each click within the install tool. But it will still be
> necessary to create it in the beginning of the day when you want to
> start using the install tool.
:-|
> What would be possible (and not compromise security) would be a button
> in the backend which admins can click to automatically create that file
> when they need it. However, I'm not quite sure where such a button
> should be placed, and if it makes sense at all...
I guess it should not exist, the point of having to create it by hand
enforces the security, if I can click on a button in BE to create that
file, then why not simply allow the install tool to be used when an
admin is logged in and click on "Install Tool"...
> Apart from that, I'm +1 to the patch. Making installations more secure
> is a top priority IMHO and from experience I'd say that quite a lot of
> installations have the install tool enabled all the time.
It is already quite handy to delete it from BE, I really don't see why
we should bother real admins that know what they do but just my 2 cents.
I'm neither +1 nor -1.
Cheers
--
Xavier Perseguers
http://xavier.perseguers.ch/en
One contribution a day keeps the fork away
More information about the TYPO3-team-core
mailing list