[TYPO3-core] RFC: #11368: ENABLE_INSTALL_TOOL file should be ignored if older than one hour
Martin Kutschker
masi-no at spam-typo3.org
Mon Jun 22 10:34:27 CEST 2009
Marcus Krause schrieb:
> Steffen Kamper schrieb am 06/22/2009 12:03 AM Uhr:
>> Hi,
>>
>> Bastian Waidelich schrieb:
>>> Just an idea: would it be really hard to enable the install tool if
>>> the file exists _or_ an admin user is logged in?
>>>
>> hell of good idea! :)
>
> Please don't do this. This would mean, whenever an admin session is
> active you could potentially attack the install tool.
>
> My favourite is the button approach. Not every admin session needs the
> install tool. Only when really needed, the admin is able to create the
> file with a single click. The admin decides when to make his system
> "vulnerable" (aka enabling install tool). In your case the system will
> do that every time.
>
> Anyway, button or not is not about to vote in this RFC.
The idea is good. And when this will be implemented as well (in a
separate RFC) then I'm happy with this one.
Masi
More information about the TYPO3-team-core
mailing list