This project is not covered by Drupal’s security advisory policy.

Druplet module was a handy tool in the early days of multi-site. Some mighty-fine developers have worked out a much more elegant solution called Ægir and I suggest you take a look.

A Druplet is an on-demand Drupal sandbox generating machine. It uses Drupal's multi-site and install profile capabilities to allow for multiple unique sandboxes running under the same codebase. This module is not meant for use on production servers. Rather, it is a time-saving tool for developers.

There are some critical server configuration issues regarding this module. See the README.txt for more information.

== IMPORTANT! NEVER ALLOW UNTRUSTED USERS TO EXECUTE PHP CODE ON YOUR SERVER! ==
If you are using this for personal/internal use, the security issues are minimalized issues. However, if you allow non-trusted users access to execute PHP code on your server, they can potentially read the settings.php file of another Druplet. One line of defense is the paranoia module, which disables the PHP input format completely. In Drupal 6 this is handled by simply disabling the php.module in Drupal core.

Another security issue, but only for those who configure for multiple users using Jailkit (as described in the README.txt), is that you have to allow the web server access to create and jail the users on your system. An untrusted user could exploit this as well if s/he were able to execute PHP on your server.

See http://groups.drupal.org/node/2989#comment-14133 for more info.

Druplet is currently in development, but works. If you have feature requests of bug fixes, please provide them using the issue queue (see links below).

Project information

  • caution Seeking co-maintainer(s)
    Maintainers are looking for help reviewing issues.
  • caution No further development
    No longer developed by its maintainers.
  • Module categories: Developer Tools
  • Created by matt@antinomia on , updated
  • shield alertThis project is not covered by the security advisory policy.
    Use at your own risk! It may have publicly disclosed vulnerabilities.

Releases