[TYPO3-typo3org] Now security issues due to no way to post
Martin Holtz
typo3ng_2008 at martinholtz.de
Thu Apr 17 15:56:10 CEST 2008
Hi Michael,
>>> where is the problem? You get to it with x clicks:
>> well, i think Peter is right here.
>>
>> There could be an mail-form too. And i think it should be possible to
>> send a mail without javascript enabled.
>
> We had one once. However, spam problems forced us to shut it down.
hm... ok, perhaps there should be the email in text:
instead:
this e-mail address.
you could write:
security at typo3 org.
... or?
>> And why is the page with the security hidden?
sorry, that was an misspelling.
The page is not "hidden" but really hard to find.
IMHO there should be an link to the security page from typo3.org
directly. Perhaps in the select box in the top right, or in the first
menu level.
>> A few weeks ago i saw an video from the typo3 conference in Karlsruhe
>> 2006 - where someone talks about a checklist for writing secure
>> extensions. Afaik this checklist is not available for public yet - or i
>> did not find it yet.
if the people who review extensions uses checklists for the most common
issues - that checklist could be published?
So i can check on myself extensions i wrote and extensions others wrote too?
IMHO
regards,
martin
--
Martin Holtz
elemente websolutions GbR
Junkerstraße 24
www.elemente.ms
wiki.typo3.org/De:TSref
More information about the TYPO3-team-typo3org
mailing list