[TYPO3-core] RFC #14719: Automatically create ENABLE_INSTALL_TOOL file when 1-2-3 Install Tool is used

bernd wilke t3ng at pi-phi.tk
Sun Jun 20 16:24:15 CEST 2010


Am Sun, 20 Jun 2010 12:03:31 +0200 schrieb Susanne Moog:

> On 14.06.2010 19:06, Jeff Segars wrote:
>> Hey guys,
>> This is a SVN patch request.
>> 
>> Type: (mini) Feature, Usability
>> 
>> Bugtracker Reference: http://bugs.typo3.org/view.php?id=14719
>> 
>> Branches: Trunk
>> 
>> Problem:
>> When a new user first installs TYPO3, they must create the
>> ENABLE_INSTALL_TOOL file before installation can continue. For a
>> friendlier first install, it would be nice to automatically create the
>> file and go directly to the 1-2-3 Install Tool
> 
> Find attached a version of this patch, that implements Helmuts proposal
> as follows:
> 
> * Jeffs v2 is the base of the patch, so if FIRST_INSTALL is present it
> gets deleted and the ENABLE_INSTALL_TOOL file is created. * If you
> haven't set your database credentials or if it is not possible to
> connect with the given credentials you will be redirected to the db step
> of the install tool in 1-2-3 mode, so you have no access to advanced
> mode as long as your database is not set up.
> 
> So this is the combination of Jeffs and Steffens solution.
 

question for security-team:
what are the needs to restrict the following situation:

Source and dummy installed, but no further action (no database 
configured, not entered install-tool)

access from 'outside':
intruder may guess (correctly):
	'localhost'/'root'/''
intruder may enter data for his own external database:
	'12.34.56.78'/'hacker'/'pwd'

=> he get access to install-tool and can do anything.


bernd
-- 
http://www.pi-phi.de/cheatsheet.html


More information about the TYPO3-team-core mailing list