[development] install should optionally create the database

Kevin Bullock kbullock at ringworld.org
Thu Oct 12 19:06:43 UTC 2006

Replies below, somewhat re-ordered.

Moshe Weitzman wrote:
 > Later in this post you approve of optionally letting the installer
 > create a DB. Would be more productive to start the post with this
 > opinion. Why start so negative?

Perhaps I've overemphasized this; I apologize. I did however start with 
this point deliberately, because it was the most important one I was 
trying to make, and here's why:

Even allowing the *option* of the DB-root-at-localhost password to fly 
across a plaintext channel is, in my estimation, a security breach. 
I.e., if Drupal implemented the create-db-in-install feature that way, I 
wouldn't allow my users to install Drupal without first patching that 
feature out.</rant>

Now, I also hoped to point out that there is a way of letting the 
installer create the database *without* using a DBA password, at least 
on MySQL. Does this also extend to PostgreSQL? Would it work on (at 
least some) shared-host providers?

> Let's avoid submitting -1 or +1 on things that haven't even been 
> proposed.

Sorry, consider that '-1' stricken from the record.

> You are the first person to 
> mention *requiring* a DBA password.

Well, by that I was referring to a previous poster's suggestion that 
seemed to require a DBA password to optionally create the database from 
the installer. I didn't mean to say that the *installer* would *require* 
a DBA password to work.

pacem in terris / mir / shanti / salaam / heiwa
Kevin R. Bullock

More information about the development mailing list