Project

General

Profile

Actions

Feature #23987

closed

Install Tool always unlocked when accessed via 127.0.0.1

Added by Marcus Raphelt about 14 years ago. Updated about 11 years ago.

Status:
Closed
Priority:
Must have
Assignee:
-
Category:
Install Tool
Target version:
-
Start date:
2010-11-08
Due date:
% Done:

0%

Estimated time:
PHP Version:
5.1
Tags:
Complexity:
Sprint Focus:

Description

If accessed via 127.0.0.1, the install tool can always be accessed, regardless if there is a ENABLE_INSTALL_TOOL file or not.

While this is okay on a development machine, it may be a security leak in productive environments:

We've got one client that runs a reverse proxy and the Website on the same machine. The backend vhost therefore gets all requests from 127.0.0.1, so the install tool is always open.

My Suggestion: add a conf var like $TYPO3_CONF_VARS['BE']['installToolAlwaysAllowFromLocalhost'] that defaults to false.

(issue imported from #M16304)


Related issues 2 (0 open2 closed)

Is duplicate of TYPO3 Core - Bug #20878: Remove the bypass to log in from the local loopback deviceClosedSteffen Kamper2009-08-14

Actions
Has duplicate TYPO3 Core - Bug #21724: Local reverse proxy disables ENABLE_INSTALL_TOOL checkClosed2009-11-28

Actions
Actions

Also available in: Atom PDF