[development] let's cleanup /misc

vlado vlado at dikini.net
Wed Jan 11 09:16:03 UTC 2006


> Until/unless Drupal has a fully-managed module package manager (installer), 
> Group By Resource Type is only going to make managing a Drupal install 
> insanely harder.  The security issues should be solved some other, less 
> painful way.

110% agree with this statement

The only really security sensitive file(s) in drupal is settings.php
That can be out outside of the web server tree, but I think at this
point in time this should be optional. Some of the ways to enhance the
flexibility of the fs earlier can be employed, without sacrificing
complexity. This option should be considered for use by "clued up"
users. Which automatically gives rise to the question - if they are
clued up, do they need it anyway - it prevents leaks from misconfigured
serever confings.



More information about the development mailing list