Task #32311
Mention warning_email_addr and warning_mode too
| Status: | Resolved | Start date: | 2011-12-06 | |
|---|---|---|---|---|
| Priority: | Should have | Due date: | ||
| Assigned To: | Michael Schams | % Done: | 100% |
|
| Category: | - | |||
| Target version: | 1.0.2 |
Description
The Install Tool options warning_email_addr and warning_mode should be mentioned too.
They help to detect an attack early.
Associated revisions
[TASK] Document warning_email_addr and warning_mode
The Install Tool options "warning_email_addr" and "warning_mode" should
be explained as security measures, too. They possibly help to detect a
hack attempt.
Resolves: #32311
Change-Id: I8187cf638e2f36d73f90a99da63c05ece82b5251
History
#1 Updated by Michael Schams over 3 years ago
- Status changed from New to Under Review
- Assigned To set to Michael Schams
For our reference:
[warning_email_addr]
Email address that will receive notification whenever an attempt to login to the Install Tool is made and that will also receive warnings whenever more than 3 failed backend login attempts (regardless of user) are detected within an hour.
[warning_mode]
Bit 1: If set, warning_email_addr will be notified every time a backend user logs in. Bit 2: If set, warning_email_addr will be notified every time an ADMIN backend user logs in. Other bits are reserved for future options.
#2 Updated by Michael Schams almost 3 years ago
- Status changed from Under Review to Accepted
- Target version set to 1.0.2
Check, if this is still valid for TYPO3 version 6.x and if so, document these settings.
#3 Updated by Michael Schams over 2 years ago
- % Done changed from 0 to 40
Description in TYPO3 6.0 RC2:
warning_email_addr
Email address that will receive notification whenever an attempt to login to the Install Tool is made and that will also receive warnings whenever more than 3 failed backend login attempts (regardless of user) are detected within an hour.
warning_mode
Bit 1: If set, warning_email_addr will be notified every time a backend user logs in. Bit 2: If set, warning_email_addr will be notified every time an ADMIN backend user logs in. Other bits are reserved for future options.
#4 Updated by Gerrit Code Review over 2 years ago
- Status changed from Accepted to Under Review
Patch set 1 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/16795
#5 Updated by Michael Schams over 2 years ago
- Status changed from Under Review to Resolved
- % Done changed from 40 to 100
Applied in changeset 3f3a7c6def82d7e735802ba01d93862a40fc4b37.
#6 Updated by Chris topher over 2 years ago
I have slightly updated the text you added. For "warning_mode" you wrote:
If the first bit is set to 1, warning_email_addr (see above) will be notified every time a backend user logs in.
That is correct. In this case an email is sent, no matter if the backend user is an administrator or not. With other words: If the first bit is set, for each login an email is sent. Always. That's it.
And then:
If the second bit is set, an email is also [why also?] send every time an administrator backend user logs in.
I changed that to say
"If the first bit is not set [otherwise you would get an email anyway] and the second bit is set, an email is only(!) sent every time an administrator backend user logs in."
Obviously setting the second bit only makes sense, if you did not set the first bit. And in that case the text must say: "only" sent....
I will commit this change as part of #41289.