Project

General

Profile

Actions
Copy link

Task #23078

closed

Ship .htaccess with a Deny rule for *.sql

Added by Steffen Gebert almost 14 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Should have
Assignee:
Markus Klein
Category:
-
Target version:
7.4 (Backend)
Start date:
2010-07-02
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
7
PHP Version:
Tags:
Complexity:
Sprint Focus:
Remote Sprint

Description

*.sql files can disclosure infomation, which could be helpful for attackers.
ext_tables.sql in extensions is an example.

(issue imported from #M14975)

Related issues 2 (0 open2 closed)

Related to TYPO3 Core - Bug #22513: Changelog, README, NEWS files should be blocked via htaccessClosed2010-04-26

Actions
Related to TYPO3 Core - Task #66235: deliver suitable .htaccess files for apache 2.4ClosedMarkus Klein2015-04-02

Actions
Actions
Copy link
 #1

Updated by Steffen Gebert over 12 years ago

  • Target version deleted (0)
  • TYPO3 Version changed from 4.4 to 4.7

Opinions?

Actions
Copy link
 #2

Updated by Georg Ringer over 12 years ago

don't do that as there is absolutly no benefit and fare more ways to get the version of an extension.

if there is a sqlI on a website, you don't need those files anyway to get the table structure.

better would be to invest time to be able to move the ext_tables.sql inside the Resources/Private folder as there is the better way for an htaccess to block everything.

Actions
Copy link
 #3

Updated by Steffen Gebert over 12 years ago

I filed this once when I googled for some TYPO3 string and ended up in a SQL dump of someone's TYPO3 installation. That's why I would say better safe than sorry..

Although they didn't link it anywhere and they created it just a few days ago, it appeared in the Google results. Of course, ext_tables.sql is a bad argument. Let's just use the vote button!

Actions
Copy link
 #4

Updated by Steffen Ritter about 12 years ago

  • Target version set to 4.7.0-beta2
Actions
Copy link
 #5

Updated by Steffen Ritter about 12 years ago

  • Target version changed from 4.7.0-beta2 to 4.7.0-beta3
Actions
Copy link
 #6

Updated by Stephan Großberndt about 9 years ago

  • Tracker changed from Bug to Feature
  • Target version changed from 4.7.0-beta3 to next-patchlevel
  • PHP Version deleted (5.3)
Actions
Copy link
 #7

Updated by Stephan Großberndt about 9 years ago

  • Tracker changed from Feature to Task
  • TYPO3 Version set to 7
Actions
Copy link
 #8

Updated by Stephan Großberndt about 9 years ago

  • Assignee set to Andreas Kienast
Actions
Copy link
 #9

Updated by Gerrit Code Review about 9 years ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/39254

Actions
Copy link
 #10

Updated by Gerrit Code Review about 9 years ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/39254

Actions
Copy link
 #11

Updated by Gerrit Code Review about 9 years ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/39254

Actions
Copy link
 #12

Updated by Gerrit Code Review about 9 years ago

Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/39254

Actions
Copy link
 #13

Updated by Gerrit Code Review about 9 years ago

Patch set 5 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/39254

Actions
Copy link
 #14

Updated by Gerrit Code Review about 9 years ago

Patch set 6 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/39254

Actions
Copy link
 #15

Updated by Gerrit Code Review about 9 years ago

Patch set 7 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/39254

Actions
Copy link
 #16

Updated by Gerrit Code Review about 9 years ago

Patch set 8 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/39254

Actions
Copy link
 #17

Updated by Gerrit Code Review about 9 years ago

Patch set 9 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/39254

Actions
Copy link
 #18

Updated by Gerrit Code Review about 9 years ago

Patch set 10 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/39254

Actions
Copy link
 #19

Updated by Gerrit Code Review about 9 years ago

Patch set 11 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/39254

Actions
Copy link
 #20

Updated by Gerrit Code Review almost 9 years ago

Patch set 12 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/39254

Actions
Copy link
 #21

Updated by Gerrit Code Review almost 9 years ago

Patch set 13 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/39254

Actions
Copy link
 #22

Updated by Gerrit Code Review almost 9 years ago

Patch set 14 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/39254

Actions
Copy link
 #23

Updated by Gerrit Code Review almost 9 years ago

Patch set 15 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/39254

Actions
Copy link
 #24

Updated by Gerrit Code Review almost 9 years ago

Patch set 16 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/39254

Actions
Copy link
 #25

Updated by Markus Klein almost 9 years ago

  • Assignee changed from Andreas Kienast to Markus Klein
  • Target version changed from next-patchlevel to 7.4 (Backend)
  • Sprint Focus set to Remote Sprint
Actions
Copy link
 #26

Updated by Gerrit Code Review almost 9 years ago

Patch set 17 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/39254

Actions
Copy link
 #27

Updated by Gerrit Code Review almost 9 years ago

Patch set 18 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/39254

Actions
Copy link
 #28

Updated by Gerrit Code Review almost 9 years ago

Patch set 19 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/39254

Actions
Copy link
 #29

Updated by Gerrit Code Review almost 9 years ago

Patch set 1 for branch TYPO3_6-2 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/40792

Actions
Copy link
 #30

Updated by Andreas Fernandez almost 9 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
Actions
Copy link
 #31

Updated by Gerrit Code Review almost 9 years ago

  • Status changed from Resolved to Under Review

Patch set 2 for branch TYPO3_6-2 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/40792

Actions
Copy link
 #32

Updated by Andreas Fernandez almost 9 years ago

  • Status changed from Under Review to Resolved
Actions
Copy link
 #33

Updated by Riccardo De Contardi over 6 years ago

  • Status changed from Resolved to Closed
Actions
Copy link

Also available in: Atom PDF