[TYPO3-core] RFC: #11368: ENABLE_INSTALL_TOOL file should be ignored if older than one hour
Marc Wöhlken
woehlken at quadracom.de
Mon Jun 22 11:43:37 CEST 2009
Hi!
Michael Stucki schrieb:
>> In cases of an insecure Install Tool password, it would be helpful if
>> that file is automatically removed if it is older than one hour. This
>> assures that an admin has explicitely unlocked the Install Tool within
>> the last hour.
I don't believe deleting that file after any given period of time is a
proper solution to this problem (weak passwords) - it will only make
working with the install tool less convenient.
If we want better install tool security we should work on enforcing
better passwords (e.g. by requiring a certain length and chars from
different sets of chars like letters, numeric, etc.) or try to make
brute force hack attempts impossible (by loggig unsuccessfull attempts
and lock the install tool for a given IP).
>> Solution:
>> Remove the file if it is older than 1 hour.
>> Additionally, I have slightly adjusted the error message and changed
>> the syntax from one huge line to smaller pieces.
No solution in my eyes
-1
--
...........................................................
Marc Wöhlken TYPO3 certified intregator
Quadracom - Proffe & Wöhlken
Rembertistraße 32 WWW: http://www.quadracom.de
D-28203 Bremen E-Mail: woehlken at quadracom.de
______________ PGP-Key: http://pgp.quadracom.de
More information about the TYPO3-team-core
mailing list