[development] let's cleanup /misc

Darrel O'Pry dopry at thing.net
Thu Jan 5 17:26:47 UTC 2006


On Thu, 2006-01-05 at 11:53 -0500, Theodore Serbinski wrote:
> Ber,
> 
> So let me start it off, the new directory structure should:
> 
> 1. Improve the security of a Drupal install by keeping all files
> private, except for an index.php, no module or include files should be
> accessible from a web browser


How would moving the files make them anymore protected than the current
htaccess method? It would also break module compartmentalization by
requiring module specific css to be moved out side of a modules folder.
I don't even care if users can view the files as long as they can't
modify them. after all they can download them from drupal.org and search
for vulnerabilities all they want.

> 
> 2. Core modules and includes should be completely seperated from extra
> downloaded modules and themes. This should make backing up things
> easier, as you only have to back up your "custom" folder instead of
> all of the main Drupal ones

This is something I brought up in a best practices thread. Drupal is
already capable of this, its a part of the multisite features.

You can use sites/example.com/themes and sites/example.com/modules.

> 3. The new structure should be multisite friendly. There should *not*
> be one files folder, but rather multiple ones, for multiple sites. You
> don't want that pr0n site on your multsite sharing the same images as
> your core business website, do you? ;-)

This is also possible... you just have to change the files path to 
sites/example.com/files. 

> Please add/revise to this so we can reach a consensus on this soon enough.

I think pleasantly enough drupal already has a lot of these features. So
the work is more a matter of changing the default recommendations and
documentation.. I personally think every drupal install should be viewed
as a multisite install. and configured as a multisite install, so there
is only 1 recommended way to setup drupal, instead of this single site,
multisite contention.

The only change to the sites(modules,themes) handling I can think of
would be sites/default(themes and modules) being shared across all sites
so you don't have to put anything contrib in the modules folder. And can
maintain a clean based drupal install and only have to worry about the
sites folder.

> Ber, once we arrive at this, the next step would be to take your RoR
> structure and go through and adjust so the above criteria are met.
> After that, we setup a patch to implement this, and then commit.
> 
> If we get this early in on the next release cycle, we'll have plenty
> of time to make tweaks and adjust things as development moves forward.
> Not only that, but it'll give us developers lots of time with the new
> structure as we work on our other patches.
> 
> ted (m3avrck)
> 
> 
> On 1/5/06, Bèr Kessels <ber at webschuur.com> wrote:
> > Op zaterdag 31 december 2005 16:09, schreef Dries Buytaert:
> > > I'm OK with making such changes as soon consensus is reached.
> > Okay, but how to reach that consensus? I am a bit afraid that if we want to
> > reach this on the development ML, we won't reach this at all. :/



More information about the development mailing list