[TYPO3-ect] Securing typo3conf
Martin Holtz
typo3ng_2008 at martinholtz.de
Mon Sep 8 11:20:55 CEST 2008
Hi Tonix,
> I've the feeling /typo3conf should be totally forbidden for any web
> access, because it contains too much files (i.e. constants, setup)
> which should not be accessed directly from web.
>
> So I deny access to /typo3conf in my website configuration, and all
> works, except for some routines which must be explicited enabled.
> Up to now (for what I'm using now), paths I must enable are:
>
> * /typo3conf/ext/sr_freecap/pi1/captcha.php
> * /typo3conf/ext/sr_freecap/pi2/newFreeCap.js
> * /typo3conf/ext/dam_frontend/pushfile.php
keep in mind, that some extensions have css/icons etc. which are used in
frontend and/or backend.
gruss,
martin
More information about the TYPO3-team-extension-coordination
mailing list