Hi Robert,

good point to put this warning also in admin backend. Will plan to add it to system health check! And you are absolutely right. Consumers are definitely not the right audience for this kind of message!

However: This warning to be shown in frontend is intended. The idea behind it: When you set up a shop/update it, you/shop owners will absolutely make at least a quick test of shop frontend and will recognize the ugly, red and flashy warning. And as they do not want their customers to see that, they will remove update app. Goal reached!

This comes from daily experience we have here in support. If you like: spend some days here at OXID support and you will see what we see often: Access to servers only via root access (ssh), unprotected phpMyAdmin at http://www.anyshop.de/phpmyadmin, admin backends with standard access data, ... You can extend the list with every security sin you can imagine :(

As far as we are able to: We try to force customers to security. Many times we unfortunately fail. Guess where the ideas for our security tips (http://wiki.oxidforge.org/Tutorials/Best_Practice_Security_Actions) come from...?

Regards and all the best for 2011 for all of you!

Ralf

From: [email protected] [mailto:[email protected]] On behalf of anzido GmbH
Sent: Wednesday, 29 December 2010 14:11
To: OXID eSales AG, dev-general
Subject: [oxid-dev-general] updateApp warning message [T-O8VKTSAZSO-37]

Hello,

when performing a shop update and copying the updateApp into the shop, then the shop frontend shows a red warning message, telling everybody that the updateApp folder should be deleted.

I think this security warning belongs into the OXIDforge documentation and (along with the system health warnings) into the admin area, but not into the frontend. Letting an updateApp lying around in a shop may be a security leak, but I believe that the shop's customers are not the correct audience for this (at least not until after some period of grace after the shop owner has been informed).

Best regards from Dortmund!

Robert Rosendahl | Development and Support
--
anzido GmbH
Kirchhörder Str. 12
44229 Dortmund
Tel.: 0231 - 60 71 079
Fax.: 0231 - 60 71 081
Mobile: 0176 - 8325 1488
Email: [email protected]
Web: http://www.anzido.com
VAT ID: DE257982972
Managing Director: Andreas Ziethen
Dortmund District Court, HRB 20883
_______________________________________________
dev-general mailing list
[email protected]
http://dir.gmane.org/gmane.comp.php.oxid.general
