Feature #82002

Implement first installation token

Added by Oliver Hader almost 4 years ago. Updated almost 3 years ago.

Status: Accepted
Priority: Should have
Assignee: -
Category: Install Tool
Start date: 2017-07-29
Due date:
% Done: 0%
Estimated time:
PHP Version:
Tags:
Complexity:
Sprint Focus:

Description

see https://www.golem.de/news/certificate-transparency-hacking-web-applications-before-they-are-installed-1707-129172.html

Steps for TYPO3
  • TYPO3 creates FIRST_INSTALL.php (name to be discussed) file on first request with some random token
  • admin has to open that file and copy&paste the token to the Install Tool
  • only the created session with the correct token in the step-installer is allowed to take further actions
#1

Updated by Helmut Hummel almost 4 years ago

create FIRST_INSTALL file on first request with some random token

By default this file is in document root, which means it can be downloaded

#2

Updated by Oliver Hader almost 4 years ago

  • Description updated (diff)
#3

Updated by Oliver Hader almost 4 years ago

Helmut Hummel wrote:

create FIRST_INSTALL file on first request with some random token

By default this file is in document root, which means it can be downloaded

True. I adjusted the description, which is of course still a topic to be discussed and not the "final list".

#4

Updated by Oliver Hader almost 4 years ago

  • OTRS-Sec Ticket-ID set to 201704095760000011
#5

Updated by Benni Mack almost 4 years ago

we could rename it to ".FIRST_INSTALL"

#6

Updated by Oliver Hader almost 4 years ago

  • Status changed from New to Accepted

As the article mentions that TYPO3 is not that bad compared to other CMS vendors - since we have the FIRST_INSTALL semaphore already in place - this is considered a feature for TYPO3 9.

#7

Updated by Oliver Hader over 3 years ago

  • Tracker changed from Bug to Feature
  • Project changed from 1716 to TYPO3 Core
#8

Updated by Oliver Hader over 3 years ago

Moved to public tracker since the article has been published anyway

#9

Updated by Oliver Hader over 3 years ago

  • Category set to Install Tool
  • Target version set to 9 LTS
#10

Updated by Susanne Moog almost 3 years ago

  • Target version changed from 9 LTS to Candidate for Major Version
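
Added example, not part of the issue discussion and not TYPO3 code: one way to realise the token steps from the description while addressing comment #1's point that a file in the document root can be downloaded. The function names, the token file name and the `public`/`var` directory layout are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Hypothetical helpers for illustration; none of these names are TYPO3 API.

function createFirstInstallToken(string $tokenFile, string $documentRoot): string
{
    $dir = realpath(dirname($tokenFile));
    $root = realpath($documentRoot);
    // Refuse any location the web server would serve as a static download.
    if ($dir === false || $root === false
        || strpos($dir . DIRECTORY_SEPARATOR, $root . DIRECTORY_SEPARATOR) === 0) {
        throw new RuntimeException('Token file must be outside the document root');
    }
    $token = bin2hex(random_bytes(32)); // 256 bits from the OS CSPRNG
    $oldUmask = umask(0077);            // new file is readable by its owner only
    $handle = @fopen($tokenFile, 'x');  // 'x' fails if a token file already exists
    umask($oldUmask);
    if ($handle === false) {
        throw new RuntimeException('Token already issued or directory not writable');
    }
    fwrite($handle, $token . "\n");
    fclose($handle);
    return $token;
}

function verifyFirstInstallToken(string $tokenFile, string $submitted): bool
{
    $stored = @file_get_contents($tokenFile);
    if ($stored === false || trim($stored) === '') {
        return false; // no token issued: nobody may proceed
    }
    // Constant-time comparison of the stored token and the pasted one.
    return hash_equals(trim($stored), trim($submitted));
}

// Constructed demo layout: <tmp>/public is the document root, <tmp>/var is not served.
$base = sys_get_temp_dir() . '/first_install_' . bin2hex(random_bytes(4));
mkdir($base . '/public', 0700, true);
mkdir($base . '/var', 0700, true);
$tokenFile = $base . '/var/FIRST_INSTALL_TOKEN';
$token = createFirstInstallToken($tokenFile, $base . '/public');

var_dump(verifyFirstInstallToken($tokenFile, 'guessed-value'));
$sessionAuthorized = verifyFirstInstallToken($tokenFile, $token); // stands in for the installer session flag
var_dump($sessionAuthorized);
try {
    createFirstInstallToken($base . '/public/FIRST_INSTALL.php', $base . '/public');
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```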
