DEPRECATION WARNING

This documentation is not using the current rendering mechanism and is probably outdated. The extension maintainer should switch to the new system. Details on how to use the rendering mechanism can be found here.

EXT: Security Check

Author:Axel Jung
Created:2006-08-22T17:16:00
Changed by:Axel Jung
Changed:2007-01-10T18:13:11
Author:Axel Jung
Email:info@jung-newmedia.de
Info 3:
Info 4:

EXT: Security Check

Extension Key: security_check

Copyright 2066, Axel Jung, <info@jung-newmedia.de>

This document is published under the Open Content License

available from http://www.opencontent.org/opl.shtml

The content of this document is related to TYPO3

- a GNU/GPL CMS/Framework available from www.typo3.com

Table of Contents

EXT: Security Check 1

Introduction 1

What does it do? 1

Adminstration 2

To-Do 2

Introduction

This Extension pass some Security Checks on your Typo3 Installation. It does not check the Code. It only check the human Mistakes.

What does it do?

  • Php Ini Check
  • Test if the Setting open_basedir is set
  • Is the PHP Setting "error_log" is set?
  • Is the PHP Setting "register_globals" off?
  • Is the PHP Setting "display_errors" off?
  • Is the PHP Setting "magic_quotes_gpc" off?
  • Database Check
  • Test the access to mysql config Database
  • Test the Host Restrictions of the Mysql User
  • Test the Mysql User passwords
  • loacalconf
  • Is the encryptionkey set?
  • Are the Filerights on creation of new Files to hight?
  • Are the Filerights on creation of new Folder to hight?
  • Is the Installtool Password changed?
  • Is the Option lockSSL active?
  • Is the Security level the highest?
  • Is a Warning E-Mail Address inserted?
  • Is the Session Timeout to hight?
  • Is the SQL-Debug Feature disabled?
  • Is the Display of Errors disabled?
  • Is the Option to install global Extension disabled?
  • Is the Flag "disable_exec_function" activated?
  • Is the Option to edit of Extensions disabled?
  • Backend Access
  • Is the access to Typo3 Backend protected?
  • Is the access to Typo3 Install Tool protected?
  • Files Check
  • Are there Backup Files on the Server?
  • Are there CVS Files on the Server?
  • Are there Files without Extension on the Server?
  • Are there CVS Files on the Server?
  • Are there Readme Files on the Server?
  • Are there Subversion Files on the Server?
  • Typo3
  • Is the standard Password used?
  • Checks if insecure Extensions loaded.
  • Is Typo3 up to Date?
  • External Tools
  • Search PHP-Info Outputs.
  • File rights
  • Checks the Rights of Folders.
  • Checks the Rights of Files.

Adminstration

To install use the extension manager.

To-Do

  • Check the 404 Handling
  • Check the mod spelling
  • Check the PHP Version
  • Check the Error Level

Change Log

  • 0.1.4
  • Differs between System and Local Extensions
  • Add French Translation

img-1 EXT: Security Check - 3