[TYPO3-core] Database Connection / Connection Pool
Bernhard Kraft
kraftb at think-open.at
Fri Aug 31 11:12:21 CEST 2018
Hi,
Years ago I created an extension "ext_security". The intention was to
implement various security features but only for people wanting to rely
on them.
https://extensions.typo3.org/extension/ext_security/
The only feature I ever implemented there was FE database security. The
database user for FE was a different one than for BE operations. This raised
security as the DB admin can spell out more fine-grained access rights
for the FE. Which makes the system resistant against SQL injections.
You could for example create a special database user (mysql) for FE
context which is only allowed SELECT to all tables except cache, etc.
Would this make sense for the core? There is no way to alter the
behaviour of ConnectionPool.php except by an alternate implementation
(xclass).
greetings,
Bernhard
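
The split described in the message above, sketched as MySQL grants. This is an added example, not part of the original post and not code from ext_security or the TYPO3 core; the schema name `typo3`, the account names, the passwords and the cache table names are assumptions to be replaced with the installation's own.

```sql
-- Added illustration. Schema, account and cache table names are assumptions.
-- Run after the TYPO3 schema exists: MySQL only accepts table-level grants
-- on missing tables when CREATE is among the granted privileges.

-- Backend / install tool account: full rights on the TYPO3 schema.
CREATE USER 'typo3_be'@'localhost' IDENTIFIED BY 'CHANGE_ME_BE';
GRANT ALL PRIVILEGES ON typo3.* TO 'typo3_be'@'localhost';

-- Frontend account: read-only by default, no FILE, no GRANT OPTION,
-- no access to other schemas.
CREATE USER 'typo3_fe'@'localhost' IDENTIFIED BY 'CHANGE_ME_FE';
GRANT SELECT ON typo3.* TO 'typo3_fe'@'localhost';

-- MySQL has no "all tables except ..." grant and no negative grant that
-- subtracts from a schema-level one, so the exceptions are expressed as
-- additional table-level rights for what the frontend must write.
GRANT INSERT, UPDATE, DELETE ON typo3.cache_pages      TO 'typo3_fe'@'localhost';
GRANT INSERT, UPDATE, DELETE ON typo3.cache_pages_tags TO 'typo3_fe'@'localhost';
GRANT INSERT, UPDATE, DELETE ON typo3.fe_sessions      TO 'typo3_fe'@'localhost';

-- TRUNCATE TABLE requires the DROP privilege in MySQL. Grant it only on
-- cache tables, and only if the frontend is expected to flush them that way.
GRANT DROP ON typo3.cache_pages      TO 'typo3_fe'@'localhost';
GRANT DROP ON typo3.cache_pages_tags TO 'typo3_fe'@'localhost';

-- Review the effective rights of the frontend account.
SHOW GRANTS FOR 'typo3_fe'@'localhost';

-- Check to run while connected as typo3_fe: a write to a content table
-- should be rejected with ERROR 1142 (command denied).
-- UPDATE typo3.pages SET title = title WHERE uid = 0;
```

Because the schema-level SELECT still covers every table, the frontend account can read tables such as backend user records; restricting that means replacing the `typo3.*` grant with per-table SELECT grants.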