On 10/11/06, Greg Knaddison - GVS <Greg@growingventuresolutions.com> wrote:
On 10/11/06, Drupal Indonesia <support@drupal-id.com> wrote:
Here: 1. On the installation screen say: "You must enter a db username with creating DB rights, otherwise please create the DB first"
If they enter the db username that has "create database" permissions into the screen they are most likely doing it http. So, it's passed along in plain text. Yikes.
This brings back the discussion of two $db_url. Or perhaps $db_url as we know it today (minus drop database, create database, and perhaps minus create table, drop table too), in addition to $admin_db_url which has all privileges including those super users ones. If it is edited in the settings.php, it would not be visible to anyone, but defeats the idea of entering it in a web form so as to avoid passing the password in the clear. Hmmmm ....