TYPO3 Core

Hi Urs,
feeling safe is a fine thing - but sometimes only obscures real threats ;-)

Can you draft a case where such a configuration option would be superior to the solution we already have (ENABLE_INSTALL_TOOL file)?

Urs Braem wrote:

Say the admin has become very used to accessing the install tool only via the backend. [...]

Maybe he's being logged out from the BE. Maybe TYPO3 doesn't manage to clear the enablefile after 1h (not sure if that can happen).

And maybe the admin forgets to set the TYPO3_CONF_VARS option ...

In the case of an oblivious admin disabling the BE module IMO would be the better way to achieve more security.

Another argument: If "For additional security, the /typo3/install/ folder can be renamed, deleted, or password protected" really applies (thus really grants additional security), something equivalent should be possible in a standard setup with a symlinked core - or the hint might be removed or changed to "To feel safer, ...." :-).

If you install TYPO3 symlinked for easier maintenance all three options are still possible. In an environment with shared TYPO3 sources password protection as well as renaming is possible; deletion will indeed cause some effort before the install tool can be used again.

Maybe Helmut can add some considerations (or a pointer) from last years discussions about install tool security?

There's nothing to do here. An ENABLE_INSTALL_TOOL file older than 1h will be deleted on access or if the file (for whatever reason) cannot be deleted by the webserver user a file older than 1h will still count as invalid.

If you want extra security you can just delete it. If you're too lazy to do so on every update or your admin is too lazy to click the logout button, well then you can still add webserver auth for that path.

An additional TYPO3_CONF_VAR would not be beneficial at all.

If anything we must move all maintenance tasks to another place so that accessing the install tool would only be necessary during installation or upgrade.