[development] RFC: letting modules phone home to check for new releases

Sammy Spets sammys-drupal at synerger.com
Wed Nov 22 01:54:23 UTC 2006 

While I agree with Derek about the security issues there can be 
ways around it.

For example, functions that perform the update do so only when a file
(in the site root directory) contains some random characters chosen by
the system for that upgrade session. The file must be manually created
prior to the upgrade though a way to generate the file is provided. The
administrator can only download to their computer and then upload to
server.

Derek is absolutely wright (sic) that security is a BIG issue. I'd also 
not use it without measures similar to the above.

Cheers,

-- 
Sammy Spets
Synerger Pty Ltd
http://synerger.com

On 21-Nov-06 17:25, Derek Wright wrote:
> 
> On Nov 21, 2006, at 10:13 AM, Oswald Jaskolla wrote:
> 
> >So, what do you think?
> 
> i hope you don't take this personally, by i'm *very* opposed to the  
> kind of system you're building.
> 
> the security implications of giving your website permission to  
> overwrite itself automatically are *HORRIFYING*.  i'd never install  
> such a thing, and i'd never advocate anyone else should install such  
> a thing.
> 
> 
> the kind of system i'm building is just an automated way to tell the  
> human site admins: "your code is out of date" (and if true, "and  
> insecure") and nag them mercilessly until they upgrade the stale  
> module(s) to the latest, secure version(s).  it's still the human's  
> task to perform the upgrade itself.
> 
> this manual upgrade could itself be further automated, but a high- 
> privileged admin user must run this automated script themselves, just  
> like they have to run update.php themselves.  building and providing  
> a tool that can "do it all" for you is asking for security hell, and  
> therefore defeats the purpose of what i'm trying to accomplish (make  
> it easier and therefore more likely for drupal sites to remain secure).
> 
> 
> anyway, i'm willing to coordinate, and further discuss design/ 
> implementation issues, but i can't emphasize enough how bad i think a  
> fully-automated system for upgrading a drupal site would be.
> 
> maybe i'm misunderstanding your design/proposal, but after re-reading  
> your message a few times, it's pretty clear you're marching down the  
> path towards what i'd consider "the dark side". ;)
> 
> sorry,
> -derek
> 
> 
>

More information about the development mailing list