[development] Drupal 5.x Installation is Bad!

Karoly Negyesi karoly at negyesi.net
Wed Oct 11 09:01:38 UTC 2006

> > It's not really hard to have an installer that does everything for
> > you, but you will need to give it ultimate privilege which is bad
> > security wise. Drupal tries to balance things.
> >
> simply remove the superuser after the DB has created. isn't that easy? 

Yes and no. You forget that often you do not have the privileges to create a database from a PHP script but you need to do it from a control panel. This would lead to more complex documentation and more complex code.

I have seen cases when I own the server and yet only my sysadmin has the MySQL su password for valid security reasons.

And often, the database is there -- one account, one database. 

All in all, I do not see the need for database creation code.



More information about the development mailing list