[TYPO3-core] RFC #14935: Install tool password can be overwritten by an extensions' ext_localconf.php
Xavier Perseguers
typo3 at perseguers.ch
Tue Jan 4 18:47:59 CET 2011
Hi Benni,
> Problem:
> The Install Tool Password can be changed by any extension that is
> installed. It should only be changeable in localconf.php
>
> Solution:
> Use a constant instead of the variable - throughout the Core.
Quick question, did you try to redefine it anyway using PECL runkit?
http://php.net/manual/fr/function.runkit-constant-redefine.php
I have to leave now but wonder whether even this cool security feature
could not (under special circumstance) be zeroed anyway.
Cheers
Xavier
More information about the TYPO3-team-core
mailing list