On Wed, Sep 17, 2008 at 2:31 PM, Brendan Borlase <[EMAIL PROTECTED]> wrote: > On Wed, Sep 17, 2008 at 1:07 PM, Matt Read <[EMAIL PROTECTED]> wrote: >> >> Recently one person ran into a problem where his Sqlite DB was deleted >> by accident, which triggered the installer to run and allowed someone >> to install a new instance of Habari. This could also happen if the DB >> server goes down. Would it be a good idea to have a constant which you >> can define in config.php to disable the installer to prevent >> situations like this? or would that possibly cause confusion for >> users? >> >> define( 'DISABLE_INSTALLER', true ); > > Perhaps as part of the install, would it not be prudent to 'disable' > any further > installs by default? Would it be a complex task to 'disable' the installer > once > successfully run? > > That way, a user has to do *something* other than fill in a form in order to > re-install (e.g. edit the config file) should the sqlite DB go missing . > > Less of an issue for a Postgresl or mySQL given anyone re-running the > install script would need credentials to create/ edit the DB. Still. It's a > good > security measure. > > +1 >
Just thinking about it, that would also stop potential 'site hijacking' (by pointing Habari at an external DB server and serving content from there instead). Brendan Borlase [EMAIL PROTECTED] → http://www.atomicninjalabs.com. --~--~---------~--~----~------------~-------~--~----~ To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/habari-dev -~----------~----~----~----~------~----~------~--~---
