[development] install should optionally create the database

Kieran Lal kieran at civicspacelabs.org
Thu Oct 12 21:08:10 UTC 2006


Just a friendly little reminder that CivicSpace has been shipping  
Drupal with an installer since late 2004, almost twenty months now.   
If you are serious about these issues there are hundreds of hours of  
engineering, prototyping, re-engineering, and actual user testing  
from the tens of thousands of downloads, in every cheap hosting and  
custom environment you can imagine.

I don't necessarily remember all the decisions that were made based  
on user feedback and testing but there are pretty good logs and code  
available in the SVN for those who care to re-visit.  Of course,  
there are also reasons why we stopped working on that code and built  
the installer for Drupal 5.0 ;-)

http://svn.civicspacelabs.org/viewcvs.cgi/csl/trunk/install.php?view=log

So read the 80-100 commit messages and you'll find that you'll save  
yourself a lot of time in suggesting improvements.

Cheers,
Kieran
CivicSpace


On Oct 11, 2006, at 7:43 PM, Moshe Weitzman wrote:

> Greg Knaddison - GVS wrote:
>> On 10/11/06, Drupal Indonesia <support at drupal-id.com> wrote:
>>> Here:
>>> 1. On the installation screen say: "You must enter a db username  
>>> with creating
>>> DB rights, otherwise please create the DB first"
>> If they enter the db username that has "create database" permissions
>> into the screen they are most likely doing it http.  So, it's passed
>> along in plain text.  Yikes.
>> Greg
>
> Um, uid=1 and everyone else already logs in with plain text. and  
> you have to use uid=1 to update your site, so just never using that  
> account is not an option (unless you hack update.php, which puts in  
> an 'expert' class as we aren't really talking about that class of  
> admins now).
>
> there is actually nothing one can do with the DB password alone.  
> you still have to break the server some other way in order to  
> interact with the DB. we shouldn't just show DB password for fun,  
> but one web form during install is acceptable IMO, and in the  
> opinions of other web app makers.
>
> i agree that having drupal create the DB for those that want it is  
> a great next step. if you don't like that feature, don't use it.  
> experienced drupal admins are quite likely to skip the whole  
> installer, IMO.
>
> this is all 6.0 stuff, so let's not spend too much time on it now.  
> we have to get 5.0 bugs shaken out first.
>
> -moshe
>


