Re: [development] Drupal 5.x Installation is Bad!
On 10/11/2006 2:28:52 AM, Drupal Indonesia (support@drupal-id.com) wrote:
Now, how can Drupal 4.7.3 create a table for me if the db username has no rights to create table? Isn't that a security risk? Or just remove the db username (with create DB rights) after fresh installation. Simply.
Creating tables and creating databases are two totally different animals. As said in other responses, creating a database takes a higher class of user. On my host, creating a DB must be done through their version of cPanel so Drupal couldn't do it anyway. Plus, you don't always want Drupal to use a new database. Many people use a DB that's shared with other apps.
I think the installer in 5.x is a great improvement as it creates the _tables_ for you. That's a much harder task than making a database, especially if you use prefixes. Not creating the DB doesn't make it bad at all.
Michelle
Hi Michelle,
The solution is very simple, but we must agree first that the new installation should be as easy as possible while the security concern is still the best :) Here:
1. On the installation screen say: "You must enter a db username with creating DB rights, otherwise please create the DB first"
2. Step #2: Drupal installation checks if the DB exists, if not then create the DB.
Simple, right? This is not new techno, I see many CMSs have a feature to create DB.
On 10/11/06, Drupal Indonesia <support@drupal-id.com> wrote:
Here: 1. On the installation screen say: "You must enter a db username with creating DB rights, otherwise please create the DB first"
If they enter the db username that has "create database" permissions into the screen they are most likely doing it over http. So, it's passed along in plain text. Yikes.
Greg
--
Greg Knaddison | Growing Venture Solutions
Denver, CO | http://growingventuresolutions.com
Technology Solutions for Communities, Individuals, and Small Businesses
On 10/11/06, Greg Knaddison - GVS <Greg@growingventuresolutions.com> wrote:
On 10/11/06, Drupal Indonesia <support@drupal-id.com> wrote:
Here: 1. On the installation screen say: "You must enter a db username with creating DB rights, otherwise please create the DB first"
If they enter the db username that has "create database" permissions into the screen they are most likely doing it over http. So, it's passed along in plain text. Yikes.
This brings back the discussion of two $db_url. Or perhaps $db_url as we know it today (minus drop database, create database, and perhaps minus create table, drop table too), in addition to $admin_db_url which has all privileges including those super users ones. If it is edited in the settings.php, it would not be visible to anyone, but defeats the idea of entering it in a web form so as to avoid passing the password in the clear. Hmmmm ....
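As an added illustration of the privilege split Khalid sketches above (one account with schema rights for install.php and update.php, one data-only account for the running site), and not code from this thread or from Drupal itself: MySQL grants for the two accounts, plus a query that verifies the runtime account cannot create or drop tables. Account names, passwords, the host and the database name are placeholders.

```sql
-- Constructed example: the DBA creates the database once, then two accounts
-- are bound to it. Run as a MySQL user that may GRANT on this database.
CREATE DATABASE IF NOT EXISTS drupal_site CHARACTER SET utf8;

-- Install/update account: may add, alter and drop tables in drupal_site only.
-- Bound to 'localhost' so the credentials are useless from any other host.
CREATE USER 'drupal_admin'@'localhost' IDENTIFIED BY 'CHANGE_ME_admin';
GRANT CREATE, DROP, ALTER, INDEX, CREATE TEMPORARY TABLES, LOCK TABLES,
      SELECT, INSERT, UPDATE, DELETE
  ON drupal_site.* TO 'drupal_admin'@'localhost';

-- Runtime account used by the web site: row-level data access only.
-- CREATE TEMPORARY TABLES and LOCK TABLES are kept because Drupal 5's
-- db_query_temporary() and cache locking need them; CREATE and DROP are not.
CREATE USER 'drupal_app'@'localhost' IDENTIFIED BY 'CHANGE_ME_app';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE TEMPORARY TABLES, LOCK TABLES
  ON drupal_site.* TO 'drupal_app'@'localhost';
FLUSH PRIVILEGES;

-- Verification: neither row may list CREATE or DROP for the runtime account.
SHOW GRANTS FOR 'drupal_app'@'localhost';
SELECT grantee, privilege_type
  FROM information_schema.schema_privileges
 WHERE table_schema = 'drupal_site'
   AND grantee = "'drupal_app'@'localhost'"
   AND privilege_type IN ('CREATE', 'DROP');
-- An empty result set from the SELECT above confirms the runtime account
-- cannot create or drop tables in drupal_site.
```

Only the drupal_app credentials would go into the $db_url used by the live site; the drupal_admin credentials are needed solely while running the installer or update.php.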
Greg Knaddison - GVS wrote:
On 10/11/06, Drupal Indonesia <support@drupal-id.com> wrote:
Here: 1. On the installation screen say: "You must enter a db username with creating DB rights, otherwise please create the DB first"
If they enter the db username that has "create database" permissions into the screen they are most likely doing it over http. So, it's passed along in plain text. Yikes.
Greg
Um, uid=1 and everyone else already logs in with plain text. and you have to use uid=1 to update your site, so just never using that account is not an option (unless you hack update.php, which puts in an 'expert' class as we aren't really talking about that class of admins now).
there is actually nothing one can do with the DB password alone. you still have to break the server some other way in order to interact with the DB. we shouldn't just show DB password for fun, but one web form during install is acceptable IMO, and in the opinions of other web app makers.
i agree that having drupal create the DB for those that want it is a great next step. if you don't like that feature, don't use it. experienced drupal admins are quite likely to skip the whole installer, IMO.
this is all 6.0 stuff, so let's not spend too much time on it now. we have to get 5.0 bugs shaken out first.
-moshe
On 12 Oct 2006, at 04:43, Moshe Weitzman wrote:
i agree that having drupal create the DB for those that want it is a great next step. if you don't like that feature, don't use it. experienced drupal admins are quite likely to skip the whole installer, IMO.
I, too, agree that creating the database would be a really nice feature to have. People can choose to use it, or not. We're just giving people more choice.
--
Dries Buytaert :: http://www.buytaert.net/
Just a friendly little reminder that CivicSpace has been shipping Drupal with an installer since late 2004, almost twenty months now. If you are serious about these issues there are hundreds of hours of engineering, prototyping, re-engineering, and actual user testing from the tens of thousands of downloads, in every cheap hosting and custom environment you can imagine. I don't necessarily remember all the decisions that were made based on user feedback and testing but there are pretty good logs and code available in the SVN for those who care to re-visit. Of course, there are also reasons why we stopped working on that code and built the installer for Drupal 5.0 ;-)
http://svn.civicspacelabs.org/viewcvs.cgi/csl/trunk/install.php?view=log
So read the 80-100 commit messages and you'll find that you'll save yourself a lot of time in suggesting improvements.
Cheers,
Kieran
CivicSpace
On Oct 11, 2006, at 7:43 PM, Moshe Weitzman wrote:
Greg Knaddison - GVS wrote:
On 10/11/06, Drupal Indonesia <support@drupal-id.com> wrote:
Here: 1. On the installation screen say: "You must enter a db username with creating DB rights, otherwise please create the DB first"
If they enter the db username that has "create database" permissions into the screen they are most likely doing it over http. So, it's passed along in plain text. Yikes.
Greg
Um, uid=1 and everyone else already logs in with plain text. and you have to use uid=1 to update your site, so just never using that account is not an option (unless you hack update.php, which puts in an 'expert' class as we aren't really talking about that class of admins now).
there is actually nothing one can do with the DB password alone. you still have to break the server some other way in order to interact with the DB. we shouldn't just show DB password for fun, but one web form during install is acceptable IMO, and in the opinions of other web app makers.
i agree that having drupal create the DB for those that want it is a great next step. if you don't like that feature, don't use it. experienced drupal admins are quite likely to skip the whole installer, IMO.
this is all 6.0 stuff, so let's not spend too much time on it now. we have to get 5.0 bugs shaken out first.
-moshe
participants (7)
- Dries Buytaert
- Drupal Indonesia
- Greg Knaddison - GVS
- Khalid B
- Kieran Lal
- Michelle Cox
- Moshe Weitzman