Security Guide

Copyright © by Official Documentation <documentation@no spam pleasetypo3.org>
Published under the Open Content License available from http://www.opencontent.org/opl.shtml

Table Of Contents

• 1. TYPO3 Security Guide
  • 1.1. Introduction
    • About this document
    • History
    • Credits
    • Feedback
    • Target audience
  • 1.2. The TYPO3 Security Team
    • Contact information
    • Incident handling
  • 1.3. General Information
    • TYPO3 versions and lifecycle
    • Difference between core and extensions
    • Announcement of updates and security fixes
    • Security bulletins
  • 1.4. Types of Security Threats
    • Information disclosure
    • Identity theft
    • SQL injection
    • Code injection
    • Authorization bypass
    • Cross Site Scripting (XSS)
    • Cross Site Request Forgery (XSRF)
  • 1.5. General Guidelines
    • Secure passwords
    • Operating system and browser version
    • Communication
    • React quickly
    • Keep TYPO3 extensions up-to-date
  • 1.6. Guidelines for System Administrators
    • Role definition
    • General rules
    • Integrity of TYPO3 packages
    • File/directory permissions
    • Restrict access to files on a server-level
    • Directory indexing
    • Database access
    • Encrypted client/server communication
    • Other services
    • Further actions
  • 1.7. Guidelines for TYPO3 Integrators
    • Role definition
    • General rules
    • Install Tool
    • Encryption key
    • Global TYPO3 configuration options
    • Security-related warnings after login
    • Reports and Logs
    • Backend users and access privileges
    • TYPO3 extensions
    • TypoScript
    • Content elements
  • 1.8. Guidelines for Editors
    • Role definition
    • General rules
    • Backend access
    • Restriction to required functions
    • Secure connection
    • Logout
  • 1.9. Backup Strategy
    • Components included in the backups
    • Time plan and retention time
    • Backup location
    • Further considerations
  • 1.10. Detect, Analyze and Repair a Hacked Site
    • Detect a hacked website
    • Take the website offline
    • Analyze
    • Repair/restore
    • Further actions

This document is related to version 1.0.0 of the extension doc_guide_security.