.. include:: /Includes.rst.txt

.. index:: Security guidelines; Administrators

.. _security-administrators:

====================================
Guidelines for System Administrators
====================================

General Rules
=============

#. Subscribe to the "TYPO3 Announce" mailing list at https://lists.typo3.org,
   so that you are informed about TYPO3 security bulletins and TYPO3 updates.

#. React as soon as possible and update the relevant components of the
   site(s) when new vulnerabilities become public (e.g. security issues
   published in the mailing list).

#. Use different passwords for the Install Tool and the backend login. Follow
   the guidelines for secure passwords in this document.

#. If you are administering several TYPO3 installations, use different
   passwords for all logins and components for every installation.

#. Never use the same password for a TYPO3 installation and any other service
   such as `FTP`, `SSH`, etc.

#. Change the username and password of the "admin" account immediately after
   the installation of TYPO3.

#. If you are also responsible for the setup and configuration of TYPO3,
   carefully follow the steps for TYPO3 integrators, documented in the next
   chapter.

Further topics
==============

Please see the chapters below for further security-related topics of interest
for administrators:

.. toctree::
   :titlesonly:

   RoleDefinition
   IntegrityOfTypo3Packages
   FileDirectoryPermissions
   RestrictAccessToFiles
   DirectoryIndexing
   FileExtensionHandling
   ContentSecurityPolicy
   DatabaseAccess
   EncryptedCommunication
   OtherServices
   FurtherActions