[TYPO3-project-4-3] Install tool usability
Dan Osipov
dosipov at phillyburbs.com
Sun May 31 18:28:26 CEST 2009
>> 1. Downloaded and extracted 4.3 alpha 3 source and dummy package.
Loaded
>> up the browser to go to the new site, and was greeted with a message
>> that the "ENABLE_INSTALL_TOOL" file doesn't exist. Why isn't it part of
>> the dummy package? There is a warning when you log in to the BE that
the
>> file should be deleted, so security conscientious users will delete the
>> file after they're done installing.
>
> I am not sure if we should do this. One could say TYPO3 ships insecure
> by default if we add the file. Forcing a user to manually add the file
> will also raise awareness of this important measure.
I disagree. No one can run a TYPO3 site just by extracting the source &
dummy packages - there are additional steps that need to b taken. And
all of them require the install tool. Enabling it by default saves a
step for a user eager to get the system up and running. Securing it is
done at the end.
I'll take a look at the other issues and see if I can come up with some
patches.
Dan Osipov
Calkins Media
http://danosipov.com/blog/
Christian Kuhn wrote:
> Hey Dan.
>
> Thanks for this analysis. I am aware of some issues in the 1-2-3
> installer, I think we should at least fix some of them to improve the
> experience for new users.
>
>
> Dan Osipov wrote:
>> 1. Downloaded and extracted 4.3 alpha 3 source and dummy package. Loaded
>> up the browser to go to the new site, and was greeted with a message
>> that the "ENABLE_INSTALL_TOOL" file doesn't exist. Why isn't it part of
>> the dummy package? There is a warning when you log in to the BE that the
>> file should be deleted, so security conscientious users will delete the
>> file after they're done installing.
>
> I am not sure if we should do this. One could say TYPO3 ships insecure
> by default if we add the file. Forcing a user to manually add the file
> will also raise awareness of this important measure.
>
>
>> 2. After completing the information on step 1 I was given an error that
>> localconf.php is not writable, with no other information. a) Shouldn't
>> there be a check in step 1 to verify file permissions? b) Shouldn't the
>> message be a bit more user-friendly? For example come up in the install
>> tool template, and offer suggestions on correcting the problem?
>
> Yes, a check of permissions, especially of typo3conf/ / localconf.php
> should be done early in the process, including a message in error case.
>
>
>> 3. After changing the file permissions, and going back to step 1, I was
>> not able to connect to the DB, no matter what I did. Here is the error
>> message:
>> There is no connection to the database!
>> (Username: , Password: , Host: ).
>
> There are some similar reports in the bugtracker. This should definitely
> be fixed, will investigate.
>
>
>> 4. After successfully connecting to the DB, I moved on to step 2. I
>> chose to create a new database, which is the recommended option. I typed
>> in the name, clicked continue, and was greeted with another error:
>
> This might be a problem with the mysql user not allowed to create
> databases. Issue 97 (!) in bt is about checking mysql rights in the
> install tool. A solution would be great.
>
>
>> So next question is - how do we fix it?
>
> Pick up some issues and create patches ;)
>
>
> Regards
> Christian
More information about the TYPO3-project-4-3
mailing list