[TYPO3-core] hardcoded typo3 directory

[Jigal van Hemert]

Hi,

On 17-7-2011 16:26, Philipp Gampe wrote:
> Jigal van Hemert wrote:
>> I really wonder if it is a *useful* option.
> I think the only usefull option is to hide the fileadmin dir. Hiding typo3/
> can be done on server side.
> I think it is too easy to see a TYPO3 installation because you always see
> this fileadmin dir.
> I would prefer renaming fileadmin to files, but I guess this is not an
> option ;)

Even that has no use other than choosing a nice name. To protect the 
files in this directory there are other suitable solutions.

Why would you hide the fact that a website uses TYPO3? It's in the HTML 
source anyway (or should be according to the license). If you keep the 
installation up-to-date and follow some general security guidelines 
there is no more danger than with any other site (maybe even less with 
the security record of TYPO3).

Currently you can set the name for the fileadmin tot 'files', so that 
can already be done. I don't see any useful application for this. 
Security by obscurity is not advisable.

I agree with Steffen K. that it would be more useful to invest effort in 
documenting better ways to protect a BE login location, etc.

-- 
Kind regards / met vriendelijke groet,

Jigal van Hemert.