[Typo3-typo3org] Comments on the mirroring concept
Michael Stucki
michael at typo3.org
Tue Mar 8 19:21:17 CET 2005
Hi Robert,
> I think that this a good idea generally. But to make this a safe solution
> you can rely on, you have to make sure that the TYPO3 site admin has no
> chance to introduce any PHP code himself, which is quite hard to
> accomplish.
Yes I know this could be difficult. However this might be a good start:
- use the whitelist only (means: site admin cannot create/install custom
made extensions)
- disable all kinds of userFunc and USER functions (OR find a way to use
only files from a special directory which is not writable for that user)
- what else?
> Usually when I have to give support on a site and I don't have access to
> the install too, I just insert a PHP script by adding some TypoScript
> which changes the install tool password in the localconf.php ...
Well, the shell extension is much easier!
Move localconf.php to fileadmin/, edit it and move it back. Done! :-)
- michael
--
Want support? Please read the list rules first: http://typo3.org/1438.0.html
==
Time to subscribe to typo3-announce:
http://lists.netfielders.de/cgi-bin/mailman/listinfo/typo3-announce
More information about the TYPO3-team-typo3org
mailing list