[TYPO3-core] RFC: #11368: ENABLE_INSTALL_TOOL file should be ignored if older than one hour
Marcus Krause
marcus#exp2009 at t3sec.info
Mon Jun 22 11:44:21 CEST 2009
Steffen Kamper schrieb am 06/22/2009 11:09 AM Uhr:
> Hi Michael,
>
> Michael Stucki schrieb:
>> Hi all,
>>
>> after reading through the comments of this thread, I have a new proposal:
>> - The file is removed after 1 hour _unless_ it has a special content
> do you mean if user are _in_ install tool?
>
>> - As Ingmar already mentioned, I have added the keep-alive feature
>>
>> I'm still not sure if the option to skip removal is good, but since it
>> is no automatic solution it seems like a good compromise to me.
>> What do you think?
>>
>
> +1 for this, here is an additional possibility for admins to
> create/delete the file
For creation of the file from the BE, please create a new RFC.
Additionally, please make the new patch bulletproof:
- admin check
- CSRF protection (@see new forget password functionality in felogin)
Thanks.
Marcus.
--
TYPO3 Security blog: http://secure.t3sec.info/
More information about the TYPO3-team-core
mailing list