Project

General

Profile

Actions

Feature #82002

open

Implement first installation token

Added by Oliver Hader almost 7 years ago. Updated 4 months ago.

Status:
Accepted
Priority:
Should have
Assignee:
-
Category:
Security
Target version:
Start date:
2017-07-29
Due date:
% Done:

0%

Estimated time:
PHP Version:
Tags:
Complexity:
Sprint Focus:

Description

see https://www.golem.de/news/certificate-transparency-hacking-web-applications-before-they-are-installed-1707-129172.html

Steps for TYPO3
  • TYPO3 creates FIRST_INSTALL.php (name to be discussed) file on first request with some random token
  • admin has to open that file and copy&paste the token to the Install Tool
  • only the created session with the correct token in the step-installer allows to take further actions
Actions

Also available in: Atom PDF