[development] Sympal script / module Fetcher as profile enhancement

Bèr Kessels ber at webschuur.com
Tue Mar 27 08:15:17 UTC 2007

Op dinsdag 27 maart 2007 10:02, schreef Jean-Marie Renouard:
> The moduleFectcher is able to catch module from the official Drupal
> web site and install it into the directory tree.
> There is several issues I know about security around such a process
> and I am agree from it.

The solution for the biggest secutity issue, in this system, is that you don't 
have to rnu it from the web. 

The security issue is: If your web-application can write (to) itself, you have 
a severe security hole. 
Hence: If your website can install and run modules and code itself you have a 

sympal scripts is ran from the CLI.

And no! That does not mean "but but but Joe User Does Not Know the CLI".:)  It 
is meant to be fired from scripts that are ran from secure applications (on 
the web). Such as webmin, plesk, or your dedicated 
System-Admin-Drupal-Installation, running off a separare webserver. 

The way I use it, is trough a script that I run from my desktop. It allows me 
to install modules w/o spending any time on the servers CLI. We still have 
plans to merge this into webmin, but until now it generally works fine 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.drupal.org/pipermail/development/attachments/20070327/dc014ad1/attachment.pgp 

More information about the development mailing list