TYPO3 Explained
Release: main

Security-related warnings after login

A TYPO3 integrator is responsible for the correct configuration of the TYPO3 system. Usually, an integrator has administrator privileges and logs in to the backend from time to time or regularly. If a user with administrator privileges accesses the system, TYPO3 triggers some basic system checks and shows an error or warning message in a box right after the login.

These checks cover, for example, the administrator user name and password (e.g. does the user still use the default password?), the Install Tool password, etc.

If you, as a TYPO3 integrator, ever come across those warnings, react immediately and update the appropriate setting (e.g. change the password).


Last updated: Mar 25, 2023 05:25

Last rendered: Mar 25, 2023 05:25

© Copyright since 2012 by the TYPO3 contributors