[TYPO3-core] Database Connection / Connection Pool

Bernhard Kraft kraftb at think-open.at
Fri Aug 31 11:12:21 CEST 2018


Years ago I created an extension "ext_security". The intention was to 
implement various security features but only for people wanting to rely 
on them.


The only feature I ever implemented there was FE database security. The 
database user for FE was a different than for BE operations. This raised 
security as the DB admin can spell out more fine grained access rights 
for the FE. Which makes the system resistent against SQL injections.

You could for example create a special database user (mysql) for FE 
context which is only allowed SELECT to all tables except cache, etc.

Would this make sense for the core? There is no way to alter the 
behaviour of ConnectionPool.php except by an alternate implementation 


More information about the TYPO3-team-core mailing list