[TYPO3-core] hardcoded typo3 directory
Jigal van Hemert
jigal at xs4all.nl
Sun Jul 17 19:08:35 CEST 2011
On 17-7-2011 16:26, Philipp Gampe wrote:
> Jigal van Hemert wrote:
>> I really wonder if it is a *useful* option.
> I think the only usefull option is to hide the fileadmin dir. Hiding typo3/
> can be done on server side.
> I think it is too easy to see a TYPO3 installation because you always see
> this fileadmin dir.
> I would prefer renaming fileadmin to files, but I guess this is not an
> option ;)
Even that has no use other than choosing a nice name. To protect the
files in this directory there are other suitable solutions.
Why would you hide the fact that a website uses TYPO3? It's in the HTML
source anyway (or should be according to the license). If you keep the
installation up-to-date and follow some general security guidelines
there is no more danger than with any other site (maybe even less with
the security record of TYPO3).
Currently you can set the name for the fileadmin tot 'files', so that
can already be done. I don't see any useful application for this.
Security by obscurity is not advisable.
I agree with Steffen K. that it would be more useful to invest effort in
documenting better ways to protect a BE login location, etc.
Kind regards / met vriendelijke groet,
Jigal van Hemert.
More information about the TYPO3-team-core