[development] install should optionally create the database
kbullock at ringworld.org
Thu Oct 12 19:06:43 UTC 2006
Replies below, somewhat re-ordered.
Moshe Weitzman wrote:
> Later in this post you approve of optionally letting the installer
> create a DB. Would be more productive to start the post with this
> opinion. Why start so negative?
Perhaps I've overemphasized this; I apologize. I did however start with
this point deliberately, because it was the most important one I was
trying to make, and here's why:
Even allowing the *option* of the DB-root-at-localhost password to fly
across a plaintext channel is, in my estimation, a security breach.
I.e., if Drupal implemented the create-db-in-install feature that way, I
wouldn't allow my users to install Drupal without first patching that
Now, I also hoped to point out that there is a way of letting the
installer create the database *without* using a DBA password, at least
on MySQL. Does this also extend to PostgreSQL? Would it work on (at
least some) shared-host providers?
> Let's avoid submitting -1 or +1 on things that haven't even been
Sorry, consider that '-1' stricken from the record.
> You are the first person to
> mention *requiring* a DBA password.
Well, by that I was referring to a previous poster's suggestion that
seemed to require a DBA password to optionally create the database from
the installer. I didn't mean to say that the *installer* would *require*
a DBA password to work.
pacem in terris / mir / shanti / salaam / heiwa
Kevin R. Bullock
More information about the development