02-04-2017, 07:24 AM
(This post was last modified: 02-04-2017, 07:25 AM by ignitedcms.)
I just wanted to ask this question again, but what do people think about native PHP installers - as I'm thinking of doing away with my installer, (it doesn't really work as it is not native PHP). Is it useful or more of a security risk. Would you rather just load the database yourself and type in these setting in the config files ( like config.php and database.php.)
I think it's very important to have an installer because of the following reasons:
1) It will give the feeling the CMS is a robust product
2) It is very important for beginners and for people that are just trying out the CMS to have a quick way to do it for the first time without having to learning anything
3) Why would it be a security issue? Are you going to leave the "dangerous" files there after the install?
4) The manual way will always be safe and probably faster for the users that use the CMS a lot of times. For example, nowadays I never use the automatic installer in WordPress just because it is not useful in our workflow.
By the way... is CI community together in building a CMS? Or each developer is building their own?
I think the only good solutions are an installer that does everything or no installer at all.
If you are going to do an installer, I should be able to log in directly after installation and everything should be up and running.
The alternative is to do nothing, and tell people to update config files themselves, but I am presuming that part of your target audience is non-technically minded (unlike CI target audience), so this would not be a good idea.
As for security, I would suggest a php installer that perhaps uninstalls itself once it has been run, and does not run if an install has already been run (in case it is not deleted). Or an alert appearing on the admin homepage saying 'install folder not yet deleted is a security risk' with a 'delete installer' button to unset the installation files.
I know what you mean. There is clearly a much larger population of non-technical users/publishers/content developers/domain owners than there are web developers. So yes, a CMS audience is much larger than a frameworks audience.
Personally, I started out using a CMS that let me start learning PHP (it was called Etomite but it died. The biggest fork, ModX is awful now IMHO). But I would never use a CMS now. Perhaps that says more about the types of sites I build than the nature of CMSs.
I think it is an interesting idea to build a CMS to promote the framework though, like ellis lab did originally. (Or perhaps they built the framework to support their CMS - not sure.)