[Typo3-typo3org] Comments on the mirroring concept

Juergen Egeling egeling at punkt.de
Wed Mar 9 15:25:27 CET 2005


* Michael Stucki <michael at typo3.org> [050308 19:21]:
> > I think that this is a good idea generally. But to make this a safe solution
> > you can rely on, you have to make sure that the TYPO3 site admin has no
> > chance to introduce any PHP code himself, which is quite hard to
> > accomplish.

Isn't this the same with *any* mirror server on the internet?
If the ADMIN is mad he could do anything.
But to compromise an EXT, I would just write one and upload it.
Give it a fancy name and make sure that on the first run it
generates code that is put somewhere where it is always run
and not deleted from the EXT.
OK, it will be found, but that might take quite some time.

> Well, the shell extension is much easier!
> Move localconf.php to fileadmin/, edit it and move it back. Done! :-)

So, as we all know this, it could easily be used by anyone.
The point is: People have to be careful on the internet,
with *everything*, and as EXTs are only run by admins,
they should know what they are doing.
Some might trust, some might download the source and read
it and then install it.
Same with Debian and FreeBSD packages. What I am trying to say:
I would not put too much effort into making it *safe* because
IMHO it is not possible to make it safe and it therefore will give
people the false impression that it might be safe.

have fun
Juergen
-- 
punkt.de GmbH               Internet-Dienstleistungen-Beratung
Vorholzstr. 25              Tel.: 0721 9109-0  Fax: -100 
76137 Karlsruhe             info at punkt.de    http://punkt.de/


