[development] Drupal 5.x Installation is Bad!
Drupal Indonesia
support at drupal-id.com
Wed Oct 11 07:28:52 UTC 2006
Now, how can Drupal 4.7.3 create tabel for me if the db username has no rights to create table? Isn't that a security risk?
Or just remove the db username (with create DB rights) after fresh installation. Simply.
----- Original Message -----
From: Amr Mostafa
To: development at drupal.org
Sent: Wednesday, October 11, 2006 3:11 PM
Subject: Re: [development] Drupal 5.x Installation is Bad!
Technically, it's impossible for installer to create database for you UNLESS you provide it with username and password of the superuser (e.g. root).
After installation, it stores the superuser name and password in a config file to remember them later whenever it wants to connect to the database. This is bad security, it leaves your superuser information out somewhere. Due to a security bug in ANY application running under apache, someone could be able to read your config file and steal your superuser information.
Drupal strives for ease of use but without affecting security.
On 10/11/06, Drupal Indonesia <support at drupal-id.com > wrote:
Hi,
I just try 5.x CVS version and very sad that the installation procedure can't
create the Database for me! Unlike Joomla, this is very sad.
Does core dev have plan to make it better (easier)?
Regards.
------------------------------------------------------------------------------
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.408 / Virus Database: 268.13.2/471 - Release Date: 10/10/2006
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20061011/e2088f33/attachment.htm
More information about the development
mailing list