The drop is always movingYou know that saying about standing on the shoulders of giants? Drupal is standing on a huge pile of midgetsAll content management systems suck, Drupal just happens to suck less.Popular open source software is more secure than unpopular open source software, because insecure software becomes unpopular fast. [That doesn't happen for proprietary software.]Drupal makes sandwiches happen.There is a module for that

Automated install/update

Submitted by nk on Thu, 2008-01-17 18:26

Could everyone just stop producing these modules? If your webserver can write files that are executed by the webserver, that's a security risk. If there is a minor exploit, this can turn it into a critical one. The proper way to do is to use FTP/SSH/whatever wrappers of PHP5 to FTP/SSH back to your server and thus write files over. Never store the password, ask it each time. This way security is kept and yet semi-automated updates are possible.

Commenting on this Story is closed.

Submitted by on Thu, 2008-01-17 20:40.

which modules are we to watch out for, that use this?

Submitted by on Thu, 2008-01-17 22:57.

There are no modules to watch out for. Modules should not have anything to do with upgrading. (Except for telling you that there's a new release, like update_status does, and that you should update it yourself.)

Submitted by on Thu, 2008-01-17 23:00.

or did i miss the point? i think so.

well whatever, i prefer SSH plus version control system :)