Op dinsdag 27 maart 2007 10:02, schreef Jean-Marie Renouard:
The moduleFectcher is able to catch module from the official Drupal web site and install it into the directory tree.
There is several issues I know about security around such a process and I am agree from it.
The solution for the biggest secutity issue, in this system, is that you don't have to rnu it from the web. The security issue is: If your web-application can write (to) itself, you have a severe security hole. Hence: If your website can install and run modules and code itself you have a problem. sympal scripts is ran from the CLI. And no! That does not mean "but but but Joe User Does Not Know the CLI".:) It is meant to be fired from scripts that are ran from secure applications (on the web). Such as webmin, plesk, or your dedicated System-Admin-Drupal-Installation, running off a separare webserver. The way I use it, is trough a script that I run from my desktop. It allows me to install modules w/o spending any time on the servers CLI. We still have plans to merge this into webmin, but until now it generally works fine enough. Bèr