Currently this script requires write access to the TYPO3 root directory (normally web site root). This is bad requirements from security view. Only fileadmin/, typo3temp/, typo3conf/ and uploads/ directory should be writable by web server.

wec_servercheck.php wants to create tmp/ in the TYPO3 root directory. TYPO3 discourages such actions. If you need to put temporary data somewhere, it should be in typo3temp/.

Currently wec_servercheck.php cannot be used if user/admin follow security best practices (restricts permissions as much as possible). In fact, this script forces admins to make TYPO3 less secure.

* * *

I will not monitor this thread. If WEC team needs more info, contact me directly, please.

Dmitry,

I think we can make this change. In the mean time, you could probably make the change fairly easily yourself. Just remove the part that creates the tmp/ directory and change references to tmp/ to typo3temp/. Note: the script is designed to work prior to an installation of TYPO3.

In Him,
Mark