10 Nov
2008
10 Nov
'08
12:55 p.m.
Michal Čihař a écrit :
With http://ca.php.net/manual/en/function.ssh2-sftp.php ?
Hi
Dne Mon, 10 Nov 2008 08:37:16 -0500
Marc Delisle <Marc.Delisle(a)cegepsherbrooke.qc.ca> napsal(a):
Hi Michal,
I don't see why it would be less safe if the setup script asks FTP or
SFTP credentials and uses this to load and store the config file.
I have always disliked the "config"
directory that we use as a workspace
for setup purposes. Beside needing a manual creation and renaming and
specific rights, many users do not grasp the concept because other OSS
use a config directory to store the effective configuration. This is why
I suggest to get rid of it, for 3.1.0-beta2 :)
The config directory is there to allow safe way of storing settings on
server. It has to be manually created by user, because it can have
security implications if setup script is not password protected (what
is not by default). Furthermore it is useful for integration in
distribution - eg. Debian creates config directory automatically and
password protects setup - you can configure phpMyAdmin over web without
any additional effort. Instead, we could use cURL or FTP extensions to
load and store the
configuration directly in the main directory. FTP credentials would be
passed to the interface and used for setup purposes.
This still does not solve problem for all users, as some hostings have
only scp/sftp (similar to web services on sourceforge). And you can
hardly do this from PHP.
However having it as an option could be a possibility.