Replies below, somewhat re-ordered. Moshe Weitzman wrote:
Later in this post you approve of optionally letting the installer create a DB. Would be more productive to start the post with this opinion. Why start so negative?
Perhaps I've overemphasized this; I apologize. I did however start with this point deliberately, because it was the most important one I was trying to make, and here's why: Even allowing the *option* of the DB-root-at-localhost password to fly across a plaintext channel is, in my estimation, a security breach. I.e., if Drupal implemented the create-db-in-install feature that way, I wouldn't allow my users to install Drupal without first patching that feature out.</rant> Now, I also hoped to point out that there is a way of letting the installer create the database *without* using a DBA password, at least on MySQL. Does this also extend to PostgreSQL? Would it work on (at least some) shared-host providers?
Let's avoid submitting -1 or +1 on things that haven't even been proposed.
Sorry, consider that '-1' stricken from the record.
You are the first person to mention *requiring* a DBA password.
Well, by that I was referring to a previous poster's suggestion that seemed to require a DBA password to optionally create the database from the installer. I didn't mean to say that the *installer* would *require* a DBA password to work. -- pacem in terris / mir / shanti / salaam / heiwa Kevin R. Bullock