Feature #82002

open

Implement first installation token

Added by Oliver Hader over 7 years ago. Updated about 2 months ago.

Status: Accepted
Priority: Should have
Assignee: -
Category: Security
Start date: 2017-07-29
Due date:
% Done: 0%
Estimated time:
PHP Version:
Tags:
Complexity:
Sprint Focus:

Description

see https://www.golem.de/news/certificate-transparency-hacking-web-applications-before-they-are-installed-1707-129172.html

Steps for TYPO3
  • TYPO3 creates FIRST_INSTALL.php (name to be discussed) file on first request with some random token
  • admin has to open that file and copy&paste the token to the Install Tool
  • only the created session with the correct token in the step-installer is allowed to take further actions
Actions #1

Updated by Helmut Hummel over 7 years ago

create FIRST_INSTALL file on first request with some random token

By default this file is in document root, which means it can be downloaded

Actions #2

Updated by Oliver Hader over 7 years ago

  • Description updated (diff)
Actions #3

Updated by Oliver Hader over 7 years ago

Helmut Hummel wrote:

create FIRST_INSTALL file on first request with some random token

By default this file is in document root, which means it can be downloaded

True. I adjusted the description, which is of course still a topic to be discussed and not the "final list".
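
The token flow from the description, with the token file kept outside the document root because of the download concern raised above. This is an added example, not part of the thread and not TYPO3 core code. The class name `FirstInstallToken`, the file name `FIRST_INSTALL_TOKEN`, the temporary directory and the `$session` array are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration, not TYPO3 core code; class and file names are assumptions.
final class FirstInstallToken
{
    public function __construct(private string $tokenFile) {}

    // First request: create the token file exactly once.
    public function ensureToken(): void
    {
        // Mode 'x' fails if the file exists, so a later request cannot replace the token.
        $handle = @fopen($this->tokenFile, 'x');
        if ($handle === false) {
            return;
        }
        chmod($this->tokenFile, 0600);
        fwrite($handle, bin2hex(random_bytes(32)));
        fclose($handle);
    }

    // Check the value the admin pasted into the installer against the stored token.
    public function verify(string $submitted): bool
    {
        $stored = @file_get_contents($this->tokenFile);
        if ($stored === false || $stored === '') {
            return false; // missing or half-written token: fail closed
        }
        return hash_equals($stored, trim($submitted)); // constant-time comparison
    }
}

// Constructed demo: private directory standing in for a path outside the document root.
$dir = sys_get_temp_dir() . '/first-install-demo-' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
$file = $dir . '/FIRST_INSTALL_TOKEN';
$token = new FirstInstallToken($file);
$token->ensureToken();
$first = file_get_contents($file);   // what the admin reads from disk
$token->ensureToken();               // second request: token must not change

$session = ['installAuthorized' => false]; // stands in for the installer session
var_dump(file_get_contents($file) === $first);
var_dump($token->verify('guess'));
$session['installAuthorized'] = $token->verify($first . "\n");
var_dump($session['installAuthorized']);
unlink($file);
rmdir($dir);
```

In an installer, every later step would check the session flag before acting, so a request without the pasted token never reaches the configuration steps.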

Actions #4

Updated by Oliver Hader over 7 years ago

  • OTRS-Sec Ticket-ID set to 201704095760000011
Actions #5

Updated by Benni Mack over 7 years ago

we could rename it to ".FIRST_INSTALL"

Actions #6

Updated by Oliver Hader over 7 years ago

  • Status changed from New to Accepted

As the article mentions that TYPO3 is not that bad compared to other CMS vendors - since we have the FIRST_INSTALL semaphore already in place - this is considered as a feature for TYPO3 9.

Actions #7

Updated by Oliver Hader almost 7 years ago

  • Tracker changed from Bug to Feature
  • Project changed from 1716 to TYPO3 Core
Actions #8

Updated by Oliver Hader almost 7 years ago

Moved to public tracker since the article has been published anyway

Actions #9

Updated by Oliver Hader almost 7 years ago

  • Category set to Install Tool
  • Target version set to 9 LTS
Actions #10

Updated by Susanne Moog over 6 years ago

  • Target version changed from 9 LTS to Candidate for Major Version
Actions #11

Updated by Oliver Hader about 1 year ago

  • Category changed from Install Tool to Security
Actions #12

Updated by Oliver Hader about 1 year ago

  • Target version changed from Candidate for Major Version to 13.0
Actions #13

Updated by Benni Mack 10 months ago

  • Target version changed from 13.0 to 13.1
Actions #14

Updated by Benni Mack 10 months ago

  • Target version changed from 13.1 to 13 LTS
Actions #15

Updated by Benni Mack about 2 months ago

  • Target version changed from 13 LTS to Candidate for Major Version