[development] SQLite and Drupal 7 -- third coming
Chris Johnson
cxjohnson at gmail.com
Wed Feb 4 16:23:08 UTC 2009
>From a security point of view, any time the web server process has
write access to any directory or file, it makes me nervous. For this
SQLite scheme to work, obviously the web server process will have to
be able to create and update the file in which the SQLite database
resides. This seems like it provides another possible vector for
exploits. Tell me how we will protect against such attacks.
..chris
On Wed, Feb 4, 2009 at 10:02 AM, Damien Tournoud <damz at prealable.org> wrote:
> Hi all,
>
> I'm all with chx on this one, supposing we manage to actually make it works.
> Main advantages:
>
> - the registry is local, we don't need to retrieve a big blob of cached data
> at each request. This is far more efficient for cluster scenarios, (by the
> way, the same could/should apply to the locale cache, which is currently
> nearly a 1MB blob of data, fetch from the database server at *each* request)
>
> - the bootstrap process will be simpler and more efficient. Currently, we
> can't guarantee that users or developpers will not see difficult to debug
> error messages or exceptions. Our autoloader is just not robust enough,
> because it has to fetch registry data from the database - hence initialize
> the database) before anything else.
>
> - we will be able to design database less scenarios. Drupal available right
> out of the box, with advanced installation profiles. That could lower a lot
> the barrier to entry of the software.
>
> Now to more answers:
>
> On Wed, Feb 4, 2009 at 4:32 PM, Ronald Ashri <ronald at istos.it> wrote:
>>
>> 1. If I am a new Drupal user that just wants to install the thing and do
>> usual stuff will this SQLite issue ever cross my radar? Will I notice it
>> exists? (let's assume that my host setup supports it and I don't have to
>> change anything myself)
>
> No. That should be perfectly transparent to you. Just properly configure the
> files directory and everything will be done for you.
>
>>
>> 2. If I am a web developer putting together Drupal sites everyday will
>> this help me put them together sites any faster?
>
> Yes. See above.
>
>> 3. Will it help me save a site if a user messes things up? Will it help
>> with upgrading to a new version of Drupal?
>
> Not really.
>
>>
>> 4. Will I need to touch it when I add or remove a module?
>
> No. The process should be completely transparent to you.
>
> Damien Tournoud
>
>
More information about the development
mailing list