On Sat, 9 Jun 2007 10:11:31 -0700 Jan Steinman Jan@Bytesmiths.com wrote:
From: Dantman dan_the_man@telus.net
Adding and removing things from LocalSettings.php might be troublesome.
How about a single line in LocalSettings.php that includes a "don't touch me" file that is maintained only via the ExtensionManager?
Part of the manual installation would be to include this one line, as well as remove any existing extension inclusions.
I haven't read this whole thread so pardon if I'm restating something that's been discussed already but being someone who has extensions for several LAMP apps that allow you to administer extensions, there's one fundamental problem that always get's in the way:
To be able to upload a package file, the web server needs write access to the extensions directory. This is fatally flawed because anyone who can run a web script can now overwrite your auth plugin with their own hacked version of it.
So whatever you do, just make sure you can always do it the old-fashioned way - putting the file to the extensions dir and adding two lines to LocalSettings.php.
Mike