Feature #9700
Add version and md5 informations to the FindInsecureExtensions-Test-Whitelist
| Status: | New | Start date: | 2010-09-13 | |
|---|---|---|---|---|
| Priority: | Should have | Due date: | ||
| Assignee: | - | % Done: | 0% |
|
| Category: | - | |||
| Target version: | - | |||
| Votes: | 0 |
Description
Currently the whitelist allows whitelisting of complete extension keys only. That does not fit all needs. So the whitelist syntax should be extended to add allowed versions and md5 hashes.
I suggest to update the syntax as follows:
//allow all my_custom_extension variants my_custom_extension // allow tt_address in the following two flavours additionally to ter tt_address : 1.2.3_patched tt_address : 1.2.6_patched // allow the patched typo3 version if the md5 fits tt_news : 4.2.3_patched : 4fb7bafab17e7ca07aaf4d4c266c7846
Since the ter already stores the md5 of the t3x file we should add a feature to measure this value. That should also be the md5 we use in the ext-whitlist configuration.
History
Updated by Martin Ficzel over 2 years ago
- Subject changed from Add Version and md5 informations to the FindInsecureExtensions-Test-Whitelist to Add version and md5 informations to the FindInsecureExtensions-Test-Whitelist
Updated by Thomas Hempel over 2 years ago
I'm not sure if we should rely on the md5 checksum from the TER. That won't allow you to check wether one of your own extension had been modified or not.
I would rather recommend to use the checksum of the plain directory or both (folder and TER).