[TYPO3-core] RFC #14719: Automatically create ENABLE_INSTALL_TOOL file when 1-2-3 Install Tool is used
Helmut Hummel
helmut at typo3.org
Sun Jun 20 16:43:37 CEST 2010
Hi Bernd,
On 20.06.10 16:24, bernd wilke wrote:
>
> access from 'outside':
> intruder may guess (correctly):
> 'localhost'/'root'/''
Well if you do not set a password for your mysql root user ...
> intruder may enter data for his own external database:
> '12.34.56.78'/'hacker'/'pwd'
This is indeed a good point I haven't though of :(
> => he get access to install-tool and can do anything.
Right. I have no idea any more how to secure this, without leaving it
like it is and providing the FIRST_INSTALL in the introduction package
only (which I guess is not meant for production use anyway).
Regards Helmut
More information about the TYPO3-team-core
mailing list