[Mediawiki-l] Extension manager
Michael B Allen
mba2000 at ioplex.com
Sat Jun 9 19:12:15 UTC 2007
On Sat, 9 Jun 2007 10:11:31 -0700
Jan Steinman <Jan at Bytesmiths.com> wrote:
> > From: Dantman <dan_the_man at telus.net>
> >
> > Adding and removing things from LocalSettings.php might be
> > troublesome.
>
> How about a single line in LocalSettings.php that includes a "don't
> touch me" file that is maintained only via the ExtensionManager?
>
> Part of the manual installation would be to include this one line, as
> well as remove any existing extension inclusions.
I haven't read this whole thread so pardon if I'm restating something
that's been discussed already but being someone who has extensions for
several LAMP apps that allow you to administer extensions, there's one
fundamental problem that always get's in the way:
To be able to upload a package file, the web server needs write access
to the extensions directory. This is fatally flawed because anyone who
can run a web script can now overwrite your auth plugin with their own
hacked version of it.
So whatever you do, just make sure you can always do it the old-fashioned
way - putting the file to the extensions dir and adding two lines to
LocalSettings.php.
Mike
--
Michael B Allen
PHP Active Directory Kerberos SSO
http://www.ioplex.com/
More information about the MediaWiki-l
mailing list