Michal Čihař a écrit :
Hi
Dne Mon, 10 Nov 2008 08:37:16 -0500 Marc Delisle Marc.Delisle@cegepsherbrooke.qc.ca napsal(a):
I have always disliked the "config" directory that we use as a workspace for setup purposes. Beside needing a manual creation and renaming and specific rights, many users do not grasp the concept because other OSS use a config directory to store the effective configuration. This is why I suggest to get rid of it, for 3.1.0-beta2 :)
The config directory is there to allow safe way of storing settings on server. It has to be manually created by user, because it can have security implications if setup script is not password protected (what is not by default). Furthermore it is useful for integration in distribution - eg. Debian creates config directory automatically and password protects setup - you can configure phpMyAdmin over web without any additional effort.
Hi Michal, I don't see why it would be less safe if the setup script asks FTP or SFTP credentials and uses this to load and store the config file.
Instead, we could use cURL or FTP extensions to load and store the configuration directly in the main directory. FTP credentials would be passed to the interface and used for setup purposes.
This still does not solve problem for all users, as some hostings have only scp/sftp (similar to web services on sourceforge). And you can hardly do this from PHP.
With http://ca.php.net/manual/en/function.ssh2-sftp.php ?
However having it as an option could be a possibility.