I am a newbie here and just installed Drupal 5.0-beta1, which works great for me. Thanks!

I noticed there are some runnable scripts after the installation; one of them is update.php. Am I supposed to remove or chmod it? Otherwise anyone could run it without my permission, right? What do I need to do manually after the installation to make sure my site is safe? The only thing I did after installation is add the "files" directory. Is that enough?

Thanks again.

Comments

vm’s picture

Only you can run update.php. The file won't do anything when accessed outside Drupal.

Drupal is in the beta stage, which means holes can be found that will be patched. Do not use it in a production environment.

Steven’s picture

install.php will only run on a site that has not been installed yet. You do need to make sure your settings.php file is not writable (as advised by the installer) to prevent problems when the database is down.

update.php can only be run by a user who is logged in as user 1. You can get around this by manually turning off the access check in the code when needed, but as long as you set it back soon after, there is no security problem.

--
If you have a problem, please search before posting a question.

Zoologico’s picture

Per this:

You do need to make sure your settings.php file is not writable (as advised by the installer) to prevent problems when the database is down.

vm’s picture

644
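
A check for the settings.php permissions discussed in this thread, as an added example that is not part of the original posts: it reports which permission classes can still write to the file. The function names and the file path passed as an argument are assumptions; note that mode 644 still leaves the owner's write bit set, while 444 clears it.

```shell
#!/bin/sh
# Added example: audit who can write to a Drupal settings file.
# Usage (path is an assumption, pass your own): sh audit.sh /path/to/settings.php

# Print the octal permission bits of a file (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Print the classes (owner, group, other) that hold the write bit in an octal mode.
writers_for_mode() {
    m=$(( 0$1 ))            # leading 0 makes the shell read the digits as octal
    out=""
    if [ $(( m & 0200 )) -ne 0 ]; then out="owner"; fi
    if [ $(( m & 0020 )) -ne 0 ]; then out="${out:+$out }group"; fi
    if [ $(( m & 0002 )) -ne 0 ]; then out="${out:+$out }other"; fi
    printf '%s\n' "${out:-none}"
}

# Exit status: 0 = nobody can write, 1 = only the owner can,
#              2 = group or other can, 3 = file not found.
audit_settings() {
    file=$1
    if [ ! -f "$file" ]; then
        echo "missing: $file" >&2
        return 3
    fi
    mode=$(mode_of "$file")
    writers=$(writers_for_mode "$mode")
    echo "$file mode=$mode writable_by=$writers"
    case "$writers" in
        none)  return 0 ;;
        owner) return 1 ;;   # still writable if the web server runs as the owner
        *)     return 2 ;;
    esac
}

# Run the audit only when a path was given on the command line.
if [ "$#" -gt 0 ]; then
    audit_settings "$1"
fi
```

Status 1 matters on hosts where the PHP process runs as the account that owns the file, because the owner's write bit then applies to the web server itself.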