Chapter 1. 

TYPO3 Security Guide

Extension Key: doc_guide_security

Language: en

Version: 1.0.0

Keywords: security forEditors forAdmins forDevelopers forBeginners forIntermediates forAdvanced

Copyright 2011, Documentation Team <documentation@typo3.org>

This document is published under the Open Content License

available from http://www.opencontent.org/opl.shtml

The content of this document is related to TYPO3 - a GNU/GPL CMS/Framework available from www.typo3.org

Official Documentation

This document is included as part of the official TYPO3 documentation. It has been approved by the TYPO3 Documentation Team following a peer-review process. The reader should expect the information in this document to be accurate - please report discrepancies to the Documentation Team (documentation@typo3.org). Official documents are kept up-to-date to the best of the Documentation Team's abilities.

Guide

This document is a Guide. Guides are designed to familiarize a reader with a specific topic in order to provide a working knowledge of that particular process. Readers should peruse the guide from cover to cover in order to gain a practical overview of the process. Once completed, the Guide becomes a practical reference tool that a reader will refer to as needed. Guides offer advice on how best to achieve a given task.

1.1. Introduction

About this document

Security is taken very seriously by the developers of TYPO3 and especially by the members of the official TYPO3 Security Team. It is also in the interest of system administrators, website owners, editors and everybody else who is responsible for a TYPO3 site to protect the site and its content against various threats.

This document describes some typical risks and advises on how to protect a TYPO3 site in order to ensure it is and stays secure and stable. It also explains how the TYPO3 Security Team deals with incidents, how security bulletins and security updates are published and how system administrators should react when their system has been compromised.

This document is intended to replace the "TYPO3 Security Cookbook" published in 2006. Rather than a simple checklist, it is a comprehensive guide on how to ensure the security of a TYPO3 instance.

It is important to understand that security is not a state but a process: ongoing tasks and regular reviews are essential.

History

In 2006 Ekkehard Guembel and Michael Hirdes published the document "TYPO3 Security Cookbook". It was a concise, technical guide for system administrators on securing TYPO3 installations.

Over the years TYPO3 has become increasingly popular and thousands of websites worldwide are powered by TYPO3. There was a need to update and expand the Security Cookbook and to include information for non-technical users.

Credits

We would like to thank Ekkehard Guembel and Michael Hirdes for writing the TYPO3 Security Cookbook. Thanks to the TYPO3 Security Team for their work for the TYPO3 project. Special thanks go to Frank Esser for his books and articles on PHP security, to Jochen Weiland for an initial foundation and to Michael Schams for compiling the content of this document and coordinating the collaboration between several teams. He managed the whole process of bringing this Security Guide to a high standard of quality.

Feedback

For general questions about the documentation get in touch by writing to documentation@typo3.org.

If you find a bug in this document, please file an issue in its bug tracker: http://forge.typo3.org/projects/typo3v4-doc_guide_security

If you would like to report a security issue in a TYPO3 extension or the TYPO3 core system, please report it to the TYPO3 Security Team. Please refrain from making anything public before an official fix is released. Read more about the process of incident handling by the TYPO3 Security Team in the next chapter.

Target audience

This document is intended for all users of TYPO3, from editors to system administrators, from TYPO3 integrators to software developers. The TYPO3 Security Guide is essential reading for everyone who works with TYPO3, and in particular for everyone who is responsible for a publicly accessible TYPO3 site.