Forums / Suggestions / "delete kickstart.ini after installation" option

"delete kickstart.ini after installation" option

Next topic

Author	Message
Stephan Staubli	Tuesday 07 March 2006 5:16:09 am hy i use kickstart.ini to install ezpublish on client domains. so there are some hot informations like uncrypted passwords in it which are only used for the installation wizzard. so i think it would be good to have an option like "killKistartIniAfterInstallation=true" or something like this. i use the provided .htaccess but still dont like to the have the kickstart.ini after installation. thanks s staubli
Gabriel Ambuehl	Tuesday 07 March 2006 5:49:40 am Those passwords are stored in the site.ini anyhow so it's probably not a very big additional risk... Visit http://triligon.org
Stephan Staubli	Wednesday 08 March 2006 2:31:09 am so because the risk is their anyway its no problem to have more additional risk?? i dont know how often people use kickstart.ini but i think chances that access to domain.tld/kickstart.ini are allowed than domain.tld/settings/site.ini are much bigger if someone uses not the .htaccess of ezpublish. i think its also not difficult for some kiddies to search with google for "Powered by eZ publish® " to find a bad configured ezp and try to find a kickstart.ini with admin pw.

Author

Message

Tuesday 07 March 2006 5:16:09 am

i use kickstart.ini to install ezpublish on client domains.
so there are some hot informations like uncrypted passwords in it which are only used for the installation wizzard. so i think it would be good to have an option like
"killKistartIniAfterInstallation=true" or something like this.

i use the provided .htaccess but still dont like to the have the kickstart.ini after installation.

thanks
s staubli

Gabriel Ambuehl

Tuesday 07 March 2006 5:49:40 am

Those passwords are stored in the site.ini anyhow so it's probably not a very big additional risk...

Visit http://triligon.org

Stephan Staubli

Wednesday 08 March 2006 2:31:09 am

so because the risk is their anyway its no problem to have more additional risk??

i dont know how often people use kickstart.ini but i think chances that access to
domain.tld/kickstart.ini are allowed than domain.tld/settings/site.ini are much bigger if someone uses not the .htaccess of ezpublish.

i think its also not difficult for some kiddies to search with google for "Powered by eZ publish® " to find a bad configured ezp and try to find a kickstart.ini with admin pw.