[TYPO3-core] RFC: #11368: ENABLE_INSTALL_TOOL file should be ignored if older than one hour

[Michael Stucki]

Hi all,

after reading through the comments of this thread, I have a new proposal:
- The file is removed after 1 hour _unless_ it has a special content
- As Ingmar already mentioned, I have added the keep-alive feature

I'm still not sure if the option to skip removal is good, but since it 
is no automatic solution it seems like a good compromise to me.
What do you think?

- michael

Ingmar Schlecht schrieb:
> Hi Steffen,
> 
> I just talked to Michael about this, and he will adopt the patch, so
> that it will allow for longer sessions in the install tool, by touching
> the file at each click within the install tool. But it will still be
> necessary to create it in the beginning of the day when you want to
> start using the install tool.
> 
> What would be possible (and not compromise security) would be a button
> in the backend which admins can click to automatically create that file
> when they need it. However, I'm not quite sure where such a button
> should be placed, and if it makes sense at all...
> 
> Apart from that, I'm +1 to the patch. Making installations more secure
> is a top priority IMHO and from experience I'd say that quite a lot of
> installations have the install tool enabled all the time.
> 
> cheers
> Ingmar
-- 
Use a newsreader! Check out
http://typo3.org/community/mailing-lists/use-a-news-reader/
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: bug_11368_v2.diff
Url: http://lists.netfielders.de/pipermail/typo3-team-core/attachments/20090622/4510b64d/attachment.txt