Hi
Dne Mon, 10 Nov 2008 09:55:39 -0500 Marc Delisle Marc.Delisle@cegepsherbrooke.qc.ca napsal(a):
I don't see why it would be less safe if the setup script asks FTP or SFTP credentials and uses this to load and store the config file.
It would not be less safe (if implemented properly), but it is much more work and it can not work in many cases (as a example look at SF web services, AFAIK you can not open any network connection there).
Instead, we could use cURL or FTP extensions to load and store the configuration directly in the main directory. FTP credentials would be passed to the interface and used for setup purposes.
This still does not solve problem for all users, as some hostings have only scp/sftp (similar to web services on sourceforge). And you can hardly do this from PHP.
1. It is an external module, so it is usually not available. 2. You need to handle keys, fingerprints and all other crap manually. It is doable, but it is lot of code to make it properly.
I'm not against adding additional ways to put config to the server, but now it's IMHO too late in release cycle to add big amount of new code and we should not drop current option to simply save config to precreated directory.