[development] let's cleanup /misc

Karoly Negyesi karoly at negyesi.net
Thu Jan 5 17:41:44 UTC 2006

> 1. Improve the security of a Drupal install by keeping all files
> private, except for an index.php, no module or include files should be
> accessible from a web browser

This will not increase security. If .htaccess can not protect you, why  
would this? And how would we ship the tarball...? Untar this half below  
documentroot and index.php to documentroot...? /me shakes head

> 2. Core modules and includes should be completely seperated from extra
> downloaded modules and themes. This should make backing up things
> easier, as you only have to back up your "custom" folder instead of
> all of the main Drupal ones

Sure thing, use site/default/modules and site/default/themes for your own  
modules and themes. No need to change core.

> 3. The new structure should be multisite friendly. There should *not*
> be one files folder, but rather multiple ones, for multiple sites. You
> don't want that pr0n site on your multsite sharing the same images as
> your core business website, do you? ;-)

Opsie, what I suggested is multisite.

> Please add/revise to this so we can reach a consensus on this soon  
> enough.

You need to convince me that the current is not good. I tell you, this is  
not easy.



More information about the development mailing list