"delete kickstart.ini after installation" option

Author Message

Stephan Staubli

Tuesday 07 March 2006 5:16:09 am

hy

i use kickstart.ini to install ezpublish on client domains.
so there are some hot informations like uncrypted passwords in it which are only used for the installation wizzard. so i think it would be good to have an option like
"killKistartIniAfterInstallation=true" or something like this.

i use the provided .htaccess but still dont like to the have the kickstart.ini after installation.

thanks
s staubli

Gabriel Ambuehl

Tuesday 07 March 2006 5:49:40 am

Those passwords are stored in the site.ini anyhow so it's probably not a very big additional risk...

Visit http://triligon.org

Stephan Staubli

Wednesday 08 March 2006 2:31:09 am

so because the risk is their anyway its no problem to have more additional risk??

i dont know how often people use kickstart.ini but i think chances that access to
domain.tld/kickstart.ini are allowed than domain.tld/settings/site.ini are much bigger if someone uses not the .htaccess of ezpublish.

i think its also not difficult for some kiddies to search with google for "Powered by eZ publish® " to find a bad configured ezp and try to find a kickstart.ini with admin pw.

Powered by eZ Publish™ CMS Open Source Web Content Management. Copyright © 1999-2014 eZ Systems AS (except where otherwise noted). All rights reserved.