By Anonymous (not verified) on
I am a newbie here and just installed drupal5.0-beta1 which works great for me. Thanks!
I noticed there are some runnable scripts after the installation, one of them is update.php, am I supposed to remove or chmod it, otherwise anyone could run it without my permission right? what do I need to do manually after the installation to make sure my site is safe? the only thing i did after installation is add the "files" directory, is that enough?
thanks again.
Comments
=-=
only you can run update.php. The file won't do anything when accessed outside drupal
drupal is in beta stage which means holes can be found that will be patched. Do not use in production environment.
They are safe
install.php will only run on a site that has not been installed yet. You do need to make sure your settings.php file is not writable (as advised by the installer) to prevent problems when the database is down.
update.php can only be run by a user who is logged in as user 1. You can get around this by manually turning off the access check in the code when needed, but as long as you set it back soon after, there is no security problem.
--
If you have a problem, please search before posting a question.
What's the proper chmod command on setting.php?
Per this:
644
644