[TYPO3-core] RFC: #11368: ENABLE_INSTALL_TOOL file should be ignored if older than one hour

Marcus Krause marcus#exp2009 at t3sec.info
Mon Jun 22 08:48:06 CEST 2009


Michael Stucki schrieb am 06/21/2009 06:41 PM Uhr:
> Again, now with proper subject :-)
> 
> - michael
> 
> Michael Stucki schrieb:
>> This is an SVN patch request.
>>
>> Type: Minor security enhancement
>>
>> Bugtracker references:
>> http://bugs.typo3.org/view.php?id=11368
>>
>> Branch: TYPO3_4-1, TYPO3_4-2, Trunk
>>
>> Problem:
>> To enable access to the Install Tool, a file
>> typo3conf/ENABLE_INSTALL_TOOL must be created.
>> In cases of an insecure Install Tool password, it would be helpful if
>> that file is automatically removed if it is older than one hour. This
>> assures that an admin has explicitely unlocked the Install Tool within
>> the last hour.
>>
>> Solution:
>> Remove the file if it is older than 1 hour.
>> Additionally, I have slightly adjusted the error message and changed
>> the syntax from one huge line to smaller pieces.

+1 for this functionality/tweak with the keep alive suggestion (not
read, not tested)

Marcus.


-- 
TYPO3 Security blog: http://secure.t3sec.info/


More information about the TYPO3-team-core mailing list