Nice project!

Quite a lot of people run Drupal on their local machines (especially with XAMPP and its variations). It would be nice if you could just extract the files to a certain directory on the local computer. I guess that shouldn't be too hard to set up because they go to your local computer first anyway, right?

Like for me it would be to just plonk the files in D:\xampp\htdocs\drupal\sites\all\modules for example. There could just be a config box where you put that directory in.

Comments

kbahey

Status: Active » Closed (works as designed)

This is often requested, and it is technically feasible.

But the security implications for it are dire.

We HAVE to make it via ftp or ssh, and we HAVE to input the md5 sums manually.

Joshua, can you update the project page with these two features so people stop asking for them?

fletchgqc

Sorry to hassle you with this oft-requested thing, but could you please elaborate on the security implications? (At least you could then link to this explanation from the front page, perhaps.)

Is it dangerous for me as the owner of my computer, because a bug in your code might cause it to start executing the wrong local file (like Windows DLLs)? Or because a hacker could somehow get it to fetch the wrong files from the internet and execute them? Or...?

I'm just wondering because I might decide these are risks I'm willing to take on a testing webserver and then code my own patch to do this (it would be extremely handy for testing platforms where I repeatedly install the same modules). Thanks.

kbahey

It is not about the risks you or others are willing to take; it is about how we want to design software that is widely used within the Drupal community. We will not design such insecure software.

In short, anything that allows automatic write access to your web server where you are serving files from is a security risk, and can cause malicious code to be served from your site, and even take it over completely.

The project page has been updated with this FAQ.