Hi,
I have always disliked the "config" directory that we use as a workspace for setup purposes. Beside needing a manual creation and renaming and specific rights, many users do not grasp the concept because other OSS use a config directory to store the effective configuration. This is why I suggest to get rid of it, for 3.1.0-beta2 :)
Instead, we could use cURL or FTP extensions to load and store the configuration directly in the main directory. FTP credentials would be passed to the interface and used for setup purposes.
Comments?
Marc
Hi
Dne Mon, 10 Nov 2008 08:37:16 -0500 Marc Delisle Marc.Delisle@cegepsherbrooke.qc.ca napsal(a):
I have always disliked the "config" directory that we use as a workspace for setup purposes. Beside needing a manual creation and renaming and specific rights, many users do not grasp the concept because other OSS use a config directory to store the effective configuration. This is why I suggest to get rid of it, for 3.1.0-beta2 :)
The config directory is there to allow safe way of storing settings on server. It has to be manually created by user, because it can have security implications if setup script is not password protected (what is not by default). Furthermore it is useful for integration in distribution - eg. Debian creates config directory automatically and password protects setup - you can configure phpMyAdmin over web without any additional effort.
Instead, we could use cURL or FTP extensions to load and store the configuration directly in the main directory. FTP credentials would be passed to the interface and used for setup purposes.
This still does not solve problem for all users, as some hostings have only scp/sftp (similar to web services on sourceforge). And you can hardly do this from PHP.
However having it as an option could be a possibility.
Michal Čihař a écrit :
Hi
Dne Mon, 10 Nov 2008 08:37:16 -0500 Marc Delisle Marc.Delisle@cegepsherbrooke.qc.ca napsal(a):
I have always disliked the "config" directory that we use as a workspace for setup purposes. Beside needing a manual creation and renaming and specific rights, many users do not grasp the concept because other OSS use a config directory to store the effective configuration. This is why I suggest to get rid of it, for 3.1.0-beta2 :)
The config directory is there to allow safe way of storing settings on server. It has to be manually created by user, because it can have security implications if setup script is not password protected (what is not by default). Furthermore it is useful for integration in distribution - eg. Debian creates config directory automatically and password protects setup - you can configure phpMyAdmin over web without any additional effort.
Hi Michal, I don't see why it would be less safe if the setup script asks FTP or SFTP credentials and uses this to load and store the config file.
Instead, we could use cURL or FTP extensions to load and store the configuration directly in the main directory. FTP credentials would be passed to the interface and used for setup purposes.
This still does not solve problem for all users, as some hostings have only scp/sftp (similar to web services on sourceforge). And you can hardly do this from PHP.
With http://ca.php.net/manual/en/function.ssh2-sftp.php ?
However having it as an option could be a possibility.
Hi
Dne Mon, 10 Nov 2008 09:55:39 -0500 Marc Delisle Marc.Delisle@cegepsherbrooke.qc.ca napsal(a):
I don't see why it would be less safe if the setup script asks FTP or SFTP credentials and uses this to load and store the config file.
It would not be less safe (if implemented properly), but it is much more work and it can not work in many cases (as a example look at SF web services, AFAIK you can not open any network connection there).
Instead, we could use cURL or FTP extensions to load and store the configuration directly in the main directory. FTP credentials would be passed to the interface and used for setup purposes.
This still does not solve problem for all users, as some hostings have only scp/sftp (similar to web services on sourceforge). And you can hardly do this from PHP.
1. It is an external module, so it is usually not available. 2. You need to handle keys, fingerprints and all other crap manually. It is doable, but it is lot of code to make it properly.
I'm not against adding additional ways to put config to the server, but now it's IMHO too late in release cycle to add big amount of new code and we should not drop current option to simply save config to precreated directory.
-
Marc Delisle -
Michal Čihař