El mié, 14-12-2005 a las 23:39 -0500, Owen Taylor escribió: > OK, spent an hour or so enabling the install of Drupal at the > Guadec team's request. > [...] > - Created /etc/httpd/sites.d/guadec-drupal.conf pointed at > /usr/local/www/guadec-drupal > > - Created /var/log/httpd/guadec-drupal (ownership root:gnomeweb) > > - Created /home/admin/secret/drupal as a PHP file with the > database password, ownership apache:apache 0440. Don't hard > code the DB password into any files inside the web root, > instead include this file. > > I didn't try to get drupal actually up and running myself; but the > above should as far as I can see be sufficient for doing so. > > The question that hasn't been answered to my satisfaction yet > is what the plans are for maintaining this site with version > control and how it is going to be upgraded for new Drupal > versions. > > If you diff the guadecsite tarball against the upstream > drupal-4.6.4.tar.gz, there are changes to sites/default/settings.php, > which is expected, but also the "pushbutton" theme has been > hacked up in place. (I didn't look at what, if anything has > been done to the modules that are also in the guadecsite > tarball.)
IMHO, safe_mode should be enabled to minimize any impact on any drupal flaw. And also, disable dynamic load of libraries (enable_dl Off). Using safe_mode, automatically some functions will be disabled, such as shell_exec, system, popen, exec, passthru; even it's only possible to browse directories where the owner it's the script's owner. It can be set inside of VirtualHost. AFAIU, Drupal should work ok using safe_mode, but for third people modules must be checked. It should be just setting php_admin_value inside of the VirtualHost. -- Germán Poó Caamaño http://www.ubiobio.cl/~gpoo/ Concepción - Chile _______________________________________________ Gnome-infrastructure mailing list [email protected] http://mail.gnome.org/mailman/listinfo/gnome-infrastructure
