Druplet
A Druplet is an on-demand Drupal sandbox generating machine. It uses Drupal's multi-site and install profile capabilities to allow for multiple unique sandboxes running under the same codebase. This module is not meant for use on production servers. Rather, it is a time-saving tool for developers.
There are some critical server configuration issues regarding this module. See the README.txt for more information.
== IMPORTANT! NEVER ALLOW UNTRUSTED USERS TO EXECUTE PHP CODE ON YOUR SERVER! ==
If you are using this for personal/internal use, the security issues are minimalized issues. However, if you allow non-trusted users access to execute PHP code on your server, they can potentially read the settings.php file of another Druplet. One line of defense is the paranoia module, which disables the PHP input format completely. In Drupal 6 this is handled by simply disabling the php.module in Drupal core.
Another security issue, but only for those who configure for multiple users using Jailkit (as described in the README.txt), is that you have to allow the web server access to create and jail the users on your system. An untrusted user could exploit this as well if s/he were able to execute PHP on your server.
See http://groups.drupal.org/node/2989#comment-14133 for more info.
Druplet is currently in development, but works. If you have feature requests of bug fixes, please provide them using the issue queue (see links below).
Releases
| Development snapshots | Date | Size | Links | Status | |
|---|---|---|---|---|---|
| 5.x-1.x-dev | 2008-Jan-17 | 13.32 KB | Download · Release notes | Development snapshot |  |
