[TYPO3-core] RFC #14719: Automatically create ENABLE_INSTALL_TOOL file when 1-2-3 Install Tool is used
Ernesto Baschny [cron IT]
ernst at cron-it.de
Wed Jun 16 09:14:49 CEST 2010
Steffen Kamper schrieb am 15.06.2010 23:18:
> i don't see the point of this discussion.
> Main point is to have a user friendly install - without manual creation
> of a file.
> This happens only until DB params are entered proper.
> Without DB connectivity you can do nothing, really nothing. So the
> security issues are not present.
> After DB establish the normal file lock is present and the site is
> safe.
Imagine you (or your hoster) unpacking typo3_src somewhere and leaving
the installation for "another day". The admin might think "it is not
installed yet, why bother".
But a hacker that find such a setup gains access to a complete install
tool (with a well known password, access to phpinfo(), nice tools like
"Edit files in typo3conf/" etc).
Cheers,
Ernesto
More information about the TYPO3-team-core
mailing list