Work Package #49943
Security
| Status: | Accepted | Start date: | 2013-10-03 |
|---|---|---|---|
| Priority: | Should have | Due date: | |
| Assigned To: | Andreas Förthner | % Done: | 100% |
| Category: | - | Spent time: | - |
| Target version: | 1.0 beta 1 | | |
Description
Defining the TYPO3 Neos Security Policy
- Target Audience: everyone using Neos
- Responsible: Andreas Förthner, Helmut Hummel
- Implemented by: Andreas Förthner, Helmut Hummel
- Version: must have for 1.0
Motivation
There are lots of vulnerabilities in the Neos backend currently. In order to provide a secure product and avoid security issues and thereby distrust from users, we need to invest time in securing it.
Goal
In order to deliver a secure release, we need to fix known security issues and test whether there are others.
Deliverables
- Policy for restricting access to controller actions
Not part of this work package:
- Content security for nodes (see #45010)
- Since editors have access to the HTML node type, we will not check for any XSS that can be introduced by editors
Subtasks
Associated revisions
[TASK] Grant widget controllers to "Everybody"
Change-Id: Ib7b601a51141877be106ad12699c35f79643aa8e
Resolves: #49943
Reviewed-on: https://review.typo3.org/24328
Reviewed-by: Karsten Dambekalns
Tested-by: Karsten Dambekalns
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
Reviewed-by: Andreas Förthner
Tested-by: Andreas Förthner
History
#1 Updated by Aske Ertmann about 2 years ago
- Tracker changed from Task to Work Package
#2 Updated by Andreas Förthner almost 2 years ago
- Status changed from New to Accepted
- Assigned To set to Andreas Förthner
#3 Updated by Andreas Förthner almost 2 years ago
- Subject changed from [WIP][Assignee missing] Security to Security
#4 Updated by Gerrit Code Review almost 2 years ago
Patch set 2 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/24328
#5 Updated by Andreas Förthner almost 2 years ago
- Status changed from Accepted to Resolved
- % Done changed from 0 to 100
Applied in changeset commit:928944201b34ecc0fdae48fff85078f3bc2d19d8.
#6 Updated by Andreas Förthner almost 2 years ago
- Status changed from Resolved to Accepted