[development] Sympal script / module Fetcher as profile enhancement
Bèr Kessels
ber at webschuur.com
Tue Mar 27 08:15:17 UTC 2007
Op dinsdag 27 maart 2007 10:02, schreef Jean-Marie Renouard:
> The moduleFectcher is able to catch module from the official Drupal
> web site and install it into the directory tree.
>
> There is several issues I know about security around such a process
> and I am agree from it.
The solution for the biggest secutity issue, in this system, is that you don't
have to rnu it from the web.
The security issue is: If your web-application can write (to) itself, you have
a severe security hole.
Hence: If your website can install and run modules and code itself you have a
problem.
sympal scripts is ran from the CLI.
And no! That does not mean "but but but Joe User Does Not Know the CLI".:) It
is meant to be fired from scripts that are ran from secure applications (on
the web). Such as webmin, plesk, or your dedicated
System-Admin-Drupal-Installation, running off a separare webserver.
The way I use it, is trough a script that I run from my desktop. It allows me
to install modules w/o spending any time on the servers CLI. We still have
plans to merge this into webmin, but until now it generally works fine
enough.
Bèr
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.drupal.org/pipermail/development/attachments/20070327/dc014ad1/attachment.pgp
More information about the development
mailing list