Feature #82002

Implement first installation token

Added by Oliver Hader about 2 years ago. Updated 12 months ago.

Status: Accepted
Priority: Should have
Assignee: -
Category: Install Tool
Start date: 2017-07-29
% Done: 0%

Description

see https://www.golem.de/news/certificate-transparency-hacking-web-applications-before-they-are-installed-1707-129172.html

Steps for TYPO3
  • TYPO3 creates a FIRST_INSTALL.php file (name to be discussed) on the first request, containing some random token
  • the admin has to open that file and copy and paste the token into the Install Tool
  • only the created session with the correct token in the step installer is allowed to take further actions
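
The three steps above in plain PHP, added here as an illustration and not TYPO3 code. The function names, the session key and storing the token as a PHP `return` statement (so that a direct web request to the file prints nothing) are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helper names; this is not TYPO3 API.
const TOKEN_FILE = 'FIRST_INSTALL.php'; // file name taken from the ticket

/** Step 1: create the token file once; an existing file is left untouched. */
function createFirstInstallToken(string $dir): string
{
    $path = rtrim($dir, '/') . '/' . TOKEN_FILE;
    // Mode 'x' fails if the file exists, so a later request cannot replace the token.
    $handle = @fopen($path, 'x');
    if ($handle === false) {
        return $path;
    }
    chmod($path, 0600); // restrict access before any content is written
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    // Assumption: stored as PHP code, so requesting the file executes it and outputs nothing.
    fwrite($handle, "<?php\nreturn '" . $token . "';\n");
    fclose($handle);
    return $path;
}

/** Steps 2 and 3: compare the pasted token and authorise only this session. */
function verifyFirstInstallToken(string $path, string $submitted, array &$session): bool
{
    $expected = is_file($path) ? (include $path) : null;
    // hash_equals() compares in constant time; a half-written file yields a non-string.
    if (!is_string($expected) || !hash_equals($expected, trim($submitted))) {
        return false;
    }
    $session['firstInstallAuthorised'] = true; // hypothetical session key
    return true;
}

// Constructed demo: a temporary directory stands in for the project root.
$dir = sys_get_temp_dir() . '/first-install-demo-' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
$path = createFirstInstallToken($dir);
$token = include $path; // what the admin would read from the file
$session = [];
var_dump(verifyFirstInstallToken($path, 'guessed-token', $session)); // a guessed token
var_dump(verifyFirstInstallToken($path, $token, $session));          // the token from the file
var_dump($session);
unlink($path);
rmdir($dir);
```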

History

#1 Updated by Helmut Hummel about 2 years ago

create FIRST_INSTALL file on first request with some random token

By default this file is in document root, which means it can be downloaded

#2 Updated by Oliver Hader about 2 years ago

  • Description updated (diff)

#3 Updated by Oliver Hader about 2 years ago

Helmut Hummel wrote:

> create FIRST_INSTALL file on first request with some random token
>
> By default this file is in document root, which means it can be downloaded

True. I adjusted the description, which is of course still a topic to be discussed and not the "final list".

#4 Updated by Oliver Hader about 2 years ago

  • OTRS-Sec Ticket-ID set to 201704095760000011

#5 Updated by Benni Mack almost 2 years ago

We could rename it to ".FIRST_INSTALL"

#6 Updated by Oliver Hader almost 2 years ago

  • Status changed from New to Accepted

As the article mentions that TYPO3 is not that bad compared to other CMS vendors - since we have the FIRST_INSTALL semaphore already in place - this is considered a feature for TYPO3 9.

#7 Updated by Oliver Hader over 1 year ago

  • Tracker changed from Bug to Feature
  • Project changed from Core Security to TYPO3 Core

#8 Updated by Oliver Hader over 1 year ago

Moved to public tracker since the article has been published anyway

#9 Updated by Oliver Hader over 1 year ago

  • Category set to Install Tool
  • Target version set to 9 LTS

#10 Updated by Susanne Moog 12 months ago

  • Target version changed from 9 LTS to Candidate for Major Version
