[development] Drupal 5.x Installation is Bad!

Metzler, David metzlerd at evergreen.edu
Thu Oct 12 15:29:54 UTC 2006


> If they enter the db username that has "create database" permissions
> into the screen
> they are most likely doing it http.  So, it's passed along in plain
> text.  Yikes.

I'd agree that this is the right approach - asking for a dba username
and password on the install form. 

Whereas it is technically true that the passwords go in clear text,
that isn't always a problem. You wouldn't want to do this if you were
talking to a remote hosting company that didn't provide you SSL certs,
but if the server were in your company, inside a firewall, this isn't
any different than how most remote database management tools behave
(e.g. PGADMIN III, mysqladmin, etc.)

It's already been pointed out that most internet remote hosting
companies wouldn't allow you to do this using the Drupal-provided tool
anyway.... so....

I say +1 to database creation with a form-provided dba username and
password, especially if we put a little warning on the form.  (Don't do
this if you're remote managing across the internet).


