[development] Drupal 5.x Installation is Bad!
Khalid B
kb at 2bits.com
Thu Oct 12 02:26:27 UTC 2006
On 10/11/06, Greg Knaddison - GVS <Greg at growingventuresolutions.com> wrote:
> On 10/11/06, Drupal Indonesia <support at drupal-id.com> wrote:
> > Here:
> > 1. On the installation screen say: "You must enter a db username with creating
> > DB rights, otherwise please create the DB first"
>
> If they enter the db username that has "create database" permissions
> into the screen they are most likely doing it http. So, it's passed
> along in plain text. Yikes.
This brings back the discussion of two $db_url. Or perhaps $db_url as
we know it today (minus drop database, create database, and perhaps
minus create table, drop table too), in addition to $admin_db_url which
has all privileges including those super users ones.
If it is edited in the settings.php, it would not be visible to anyone, but
defeats the idea of entering it in a web form so as to avoid passing
the password in the clear.
Hmmmm ....
More information about the development
mailing list