Textpattern CMS support forum
You are not logged in. Register | Login | Help
- Topics: Active | Unanswered
[contrib] Improve install by creating config.php on the fly
Hi
I made a little test on creation of config.php file using php, i make modification for index.php on setup directory and tested it on local and on hostgator hosting, that worked, but i am not a ninja coder and the code i put is very basic and need probably improvement.
You can grab it on github
you can see the diff there.
All comments are welcome, i hope that we can find a solution for that, because it s the last thing annoying me when installing txp.
Cheers
Offline
Re: [contrib] Improve install by creating config.php on the fly
One person’s annoyance is the other person’s security measure: Requiring out-of-band access like FTP or ssh for a complete setup reliably prevents rogue installations by unauthorized parties.
Offline
Re: [contrib] Improve install by creating config.php on the fly
Thanks for comments Robert, like i said i am an occasional coder.
For sure if this is only a one person annoyance i can deal with it ;)
But i suspect that there is more people interested in an easier install process.
But if you think that this cause more problems than has benefit forget it.
I want to know how other CMS do the same things without security problems?
Cheers
Offline
Re: [contrib] Improve install by creating config.php on the fly
Dragondz wrote:
I want to know how other CMS do the same things without security problems?
You kinda do not. They expect that the user installs the system and doesn’t forget it lying on a publicly accessible location. If Textpattern did create the config file automatically, and you left the installation just there, anyone could ultimately run any server side code on the server — given that you are able to connect to some MySQL database.
Last edited by Gocom (2012-12-06 22:05:25)
Offline
Re: [contrib] Improve install by creating config.php on the fly
Gocom a écrit:
You kinda do not. They expect that the user installs the system and doesn’t forget it lying on a publicly accessible location. If Textpattern did create the config file automatically, and you left the installation just there, anyone could ultimately run any server side code on the server — given that you are able to connect to some MySQL database.
Hi Jukka
There is a lot of if statement in your message ;)
Making a red message about deleting the setup forlder or maybe better put à button to erase it after the installation can be enough no? if someone dont follow the security advice by the software it s his own problem not ours!
anyway like i said if other users are ok with the installation process like it s now just let it like inchanged.
Cheers
Offline