Project page currently has this caveat on the project page:

This is primarily a developer tool and should never ever (don't even think it) be installed on a production site.

It is correct that this fine tool is not designed to be a regular part of a production site, but I find the "don't even think it" part too strong. Saying that it has no place on a production site may misguide prospective users about possible use-cases.

A development site should not be accessible by the public, so the only use of this tool on a non-production site seems to be monitoring co-developers (i.e. to catch them if they hack core or contribs). IMHO, there should be no need to do that in a healthy working environment.

In fact, I believe that the prime use case for this module is forensics after you've discovered some injected PHP in one of your files on a production site - and you quickly want to find out if the intruder has been able to do more damage.

In light of that, I would suggest that this text on the project page is amended to:

This is primarily a forensics tool for developers. If you want to analyse a production site for changes to the core and to contrib modules, first take the site off-line and then use this tool to search for alterations.

Comments

gisle’s picture

Title: Amend documentation to be more realistic about the use-cas » Amend documentation to be more realistic about the use-case

Fixed typo in heading

ivnish’s picture

Status: Needs review » Active