Feature #21257

Integrate Security section to Install Tool

Added by Oliver Hader about 10 years ago. Updated over 4 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
-
Target version:
-
Start date:
2009-10-12
Due date:
% Done:

0%

PHP Version:
5.2
Tags:
Complexity:
Sprint Focus:

Description

In TYPO3 4.3 there are several new security related extensions and settings, like saltedpasswords, rsaauth etc. However, it is not easy to configure these features easily since they depend on preconditions - e.g. rsaauth requires openssl installed on the server, saltedpasswords requires a HTTPS connection or rsaauth installed.

A new section in the Install Tool, called "Security" shall help to configure these things by integrating a new wizzard that can perform the required checks (e.g. openssl installed) and ask the admin whether he wants to use a specific secruity related feature. Thus it would be possible to use these new features from the very beginning after installing or upgrading to 4.3, e.g.
  • RSAAuth by default
  • SaltedPasswords by default

(issue imported from #M12214)

History

#1 Updated by Bernhard Kraft over 9 years ago

+1 by me for such a section.

altough this breaks up the clear sorting by SYS / BE / FE etc, such a section would make sense. I thing it could be better to simply introduce a new section SEC and change all currently used keys accordingly.

(To keep compatibility this could be done from within config_default.php for 4.3 branch)

#2 Updated by Ingo Renner over 9 years ago

I'd like to ask to postpone this to 4.5. I'd then put this in a security report. with other things like checking for new TYPO3 versions and installed insecure extensions...

#3 Updated by Stefan Neufeind over 8 years ago

Would be great to have this in for 4.6 maybe ...

#4 Updated by Xavier Perseguers about 8 years ago

  • Target version deleted (4.6.0-beta1)

#5 Updated by Georg Ringer almost 5 years ago

  • Status changed from New to Needs Feedback

still valid?

we got:
  • presets in install tool
  • security section in reports module

#6 Updated by Markus Klein over 4 years ago

  • Status changed from Needs Feedback to Closed

no progress since ages.

Also available in: Atom PDF