[TYPO3-core] RFC: #11368: ENABLE_INSTALL_TOOL file should be ignored if older than one hour

Michael Stucki michael at typo3.org
Tue Jun 23 01:56:34 CEST 2009


Hi Bernd,

>> What would be possible (and not compromise security) would be a button
>> in the backend which admins can click to automatically create that file
>> when they need it. However, I'm not quite sure where such a button
>> should be placed, and if it makes sense at all...
> 
> why do you need an extra button?
> 
> clicking on 'install-Tool' in the left-menu means an admin wants access 
> to install-tool. can this call of install-tool be preceded with an 
> automated generation of lock-file?

Great idea!

What does the security team say to this approach? Do you consider it to 
be problematic?

I don't think it is a problem, as the file is only created if an admin 
user has clicked on the "Install" module within the last hour (or if it 
was created manually, again within the last hour). And still, there is 
no Install Tool without having the password for it.

The alternative to this is v2 which I posted yesterday and which is 
identical to this patch except that the enabler file was not created 
automatically...

- michael
-- 
Use a newsreader! Check out
http://typo3.org/community/mailing-lists/use-a-news-reader/
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: bug_11368_v3.diff
Url: http://lists.netfielders.de/pipermail/typo3-team-core/attachments/20090623/6e451643/attachment.txt 
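
The one-hour gate discussed in this message, sketched as an added PHP example (this is not the code in bug_11368_v3.diff and not TYPO3 core code). The function names, the constant, the demo file name, and the fail-closed handling of symlinks and future timestamps are assumptions of this sketch.

```php
<?php
// Added illustration. All names here are hypothetical, not TYPO3 core API.
const ENABLE_FILE_MAX_AGE = 3600; // seconds; the one-hour window from the RFC title

// True only while the enable file is a regular file touched within the last hour.
function enableFileIsFresh(string $path, ?int $now = null): bool
{
    $now = $now ?? time();
    clearstatcache(true, $path);            // do not trust a cached mtime
    if (is_link($path) || !is_file($path)) {
        return false;                        // assumption: symlinks are refused
    }
    $mtime = filemtime($path);
    if ($mtime === false) {
        return false;
    }
    $age = $now - $mtime;
    // Assumption: a timestamp in the future fails closed, so a forward-dated
    // file cannot keep the window open indefinitely.
    return $age >= 0 && $age <= ENABLE_FILE_MAX_AGE;
}

// Called when a backend user opens the Install module: only an authenticated
// admin refreshes the file. The Install Tool password is still checked afterwards.
function refreshEnableFile(bool $isAuthenticatedAdmin, string $path): bool
{
    return $isAuthenticatedAdmin && touch($path);
}

// Constructed demo in a temporary directory.
$file = sys_get_temp_dir() . '/ENABLE_INSTALL_TOOL_demo_' . getmypid();
@unlink($file);

var_dump(refreshEnableFile(false, $file));   // non-admin: nothing is created
var_dump(enableFileIsFresh($file));

var_dump(refreshEnableFile(true, $file));    // admin click creates the file
var_dump(enableFileIsFresh($file));

touch($file, time() - 2 * ENABLE_FILE_MAX_AGE); // simulate a file left behind
var_dump(enableFileIsFresh($file));          // stale file is ignored, not deleted

touch($file, time() + 86400);                // forward-dated timestamp
var_dump(enableFileIsFresh($file));
unlink($file);
```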

