Go to main content

Textpattern CMS support forum

You are not logged in. Register | Login | Help

#1 2012-12-06 15:01:00

Dragondz
Moderator
From: Algérie
Registered: 2005-06-12
Posts: 1,538
Website GitHub Twitter

[contrib] Improve install by creating config.php on the fly

Hi

I made a little test on creation of config.php file using php, i make modification for index.php on setup directory and tested it on local and on hostgator hosting, that worked, but i am not a ninja coder and the code i put is very basic and need probably improvement.

You can grab it on github

you can see the diff there.

All comments are welcome, i hope that we can find a solution for that, because it s the last thing annoying me when installing txp.

Cheers

Offline

#2 2012-12-06 16:46:15

wet
Developer Emeritus
From: Schoerfling, Austria
Registered: 2005-06-06
Posts: 3,330
Website Mastodon

Re: [contrib] Improve install by creating config.php on the fly

One person’s annoyance is the other person’s security measure: Requiring out-of-band access like FTP or ssh for a complete setup reliably prevents rogue installations by unauthorized parties.

Offline

#3 2012-12-06 21:17:02

Dragondz
Moderator
From: Algérie
Registered: 2005-06-12
Posts: 1,538
Website GitHub Twitter

Re: [contrib] Improve install by creating config.php on the fly

Thanks for comments Robert, like i said i am an occasional coder.

For sure if this is only a one person annoyance i can deal with it ;)

But i suspect that there is more people interested in an easier install process.

But if you think that this cause more problems than has benefit forget it.

I want to know how other CMS do the same things without security problems?

Cheers

Offline

#4 2012-12-06 22:02:39

Gocom
Developer Emeritus
From: Helsinki, Finland
Registered: 2006-07-14
Posts: 4,533
Website

Re: [contrib] Improve install by creating config.php on the fly

Dragondz wrote:

I want to know how other CMS do the same things without security problems?

You kinda do not. They expect that the user installs the system and doesn’t forget it lying on a publicly accessible location. If Textpattern did create the config file automatically, and you left the installation just there, anyone could ultimately run any server side code on the server — given that you are able to connect to some MySQL database.

Last edited by Gocom (2012-12-06 22:05:25)

Offline

#5 2012-12-07 13:27:52

Dragondz
Moderator
From: Algérie
Registered: 2005-06-12
Posts: 1,538
Website GitHub Twitter

Re: [contrib] Improve install by creating config.php on the fly

Gocom a écrit:

You kinda do not. They expect that the user installs the system and doesn’t forget it lying on a publicly accessible location. If Textpattern did create the config file automatically, and you left the installation just there, anyone could ultimately run any server side code on the server — given that you are able to connect to some MySQL database.

Hi Jukka

There is a lot of if statement in your message ;)

Making a red message about deleting the setup forlder or maybe better put à button to erase it after the installation can be enough no? if someone dont follow the security advice by the software it s his own problem not ours!

anyway like i said if other users are ok with the installation process like it s now just let it like inchanged.

Cheers

Offline

Board footer

Powered by FluxBB