DEPRECATION WARNING
This documentation is not using the current rendering mechanism and is probably outdated. The extension maintainer should switch to the new system. Details on how to use the rendering mechanism can be found here.
EXT: Security Check¶
Author: | Axel Jung |
---|---|
Created: | 2006-08-22T17:16:00 |
Changed by: | Axel Jung |
Changed: | 2007-01-10T18:13:11 |
Author: | Axel Jung |
Email: | info@jung-newmedia.de |
Info 3: | |
Info 4: |
EXT: Security Check¶
Extension Key: security_check
Copyright 2066, Axel Jung, <info@jung-newmedia.de>
This document is published under the Open Content License
available from http://www.opencontent.org/opl.shtml
The content of this document is related to TYPO3
- a GNU/GPL CMS/Framework available from www.typo3.com
Introduction¶
This Extension pass some Security Checks on your Typo3 Installation. It does not check the Code. It only check the human Mistakes.
What does it do?¶
- Php Ini Check
- Test if the Setting open_basedir is set
- Is the PHP Setting "error_log" is set?
- Is the PHP Setting "register_globals" off?
- Is the PHP Setting "display_errors" off?
- Is the PHP Setting "magic_quotes_gpc" off?
- Database Check
- Test the access to mysql config Database
- Test the Host Restrictions of the Mysql User
- Test the Mysql User passwords
- loacalconf
- Is the encryptionkey set?
- Are the Filerights on creation of new Files to hight?
- Are the Filerights on creation of new Folder to hight?
- Is the Installtool Password changed?
- Is the Option lockSSL active?
- Is the Security level the highest?
- Is a Warning E-Mail Address inserted?
- Is the Session Timeout to hight?
- Is the SQL-Debug Feature disabled?
- Is the Display of Errors disabled?
- Is the Option to install global Extension disabled?
- Is the Flag "disable_exec_function" activated?
- Is the Option to edit of Extensions disabled?
- Backend Access
- Is the access to Typo3 Backend protected?
- Is the access to Typo3 Install Tool protected?
- Files Check
- Are there Backup Files on the Server?
- Are there CVS Files on the Server?
- Are there Files without Extension on the Server?
- Are there CVS Files on the Server?
- Are there Readme Files on the Server?
- Are there Subversion Files on the Server?
- Typo3
- Is the standard Password used?
- Checks if insecure Extensions loaded.
- Is Typo3 up to Date?
- External Tools
- Search PHP-Info Outputs.
- File rights
- Checks the Rights of Folders.
- Checks the Rights of Files.
Adminstration¶
To install use the extension manager.
To-Do¶
- Check the 404 Handling
- Check the mod spelling
- Check the PHP Version
- Check the Error Level
Change Log¶
- 0.1.4
- Differs between System and Local Extensions
- Add French Translation
EXT: Security Check - 3