[development] Drupal 5.x Installation is Bad!

Amr Mostafa amr.mostafa at gmail.com
Wed Oct 11 07:11:53 UTC 2006


Technically, it's impossible for installer to create database for you UNLESS
you provide it with username and password of the superuser (e.g. root).
After installation, it stores the superuser name and password in a config
file to remember them later whenever it wants to connect to the database.
This is bad security, it leaves your superuser information out somewhere.
Due to a security bug in ANY application running under apache, someone could
be able to read your config file and steal your superuser information.

Drupal strives for ease of use but without affecting security.

On 10/11/06, Drupal Indonesia <support at drupal-id.com> wrote:
>
> Hi,
>
> I just try 5.x CVS version and very sad that the installation procedure
> can't
> create the Database for me! Unlike Joomla, this is very sad.
> Does core dev have plan to make it better (easier)?
>
> Regards.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20061011/3c6768df/attachment.htm 


More information about the development mailing list