[Typo3-typo3org] Comments on the mirroring concept

Michael Stucki michael at typo3.org
Tue Mar 8 19:21:17 CET 2005

Hi Robert,

> I think that this a good idea generally. But to make this a safe solution
> you can rely on, you have to make sure that the TYPO3 site admin has no
> chance to introduce any PHP code himself, which is quite hard to
> accomplish.

Yes I know this could be difficult. However this might be a good start:

- use the whitelist only (means: site admin cannot create/install custom
  made extensions)

- disable all kinds of userFunc and USER functions (OR find a way to use
  only files from a special directory which is not writable for that user)

- what else?

> Usually when I have to give support on a site and I don't have access to
> the install too, I just insert a PHP script by adding some TypoScript
> which changes the install tool password in the localconf.php ...

Well, the shell extension is much easier!
Move localconf.php to fileadmin/, edit it and move it back. Done! :-)

- michael
Want support? Please read the list rules first: http://typo3.org/1438.0.html
Time to subscribe to typo3-announce:

More information about the TYPO3-team-typo3org mailing list