[wp-hackers] Automatic Upgrades with InstantUpgrade plugin

Keith Constable kconstable at kccricket.net
Wed Apr 4 19:16:16 GMT 2007


On 04/04/07 13:29, Doug Stewart wrote:
> On 4/4/07, Alex Günsche <ag.ml2007 at zirona.com> wrote:
> 
> I agree that messing with the perms on a WP install is a Bad Idea(tm).
>  Your methodology assumes that everyone has FTP access, though, which
> isn't a universal truth.  Some may be CPanel-limited, others
> SFTP-only.

I'd assume most CPanel-limited users would be installing WordPress through
Fantastico.  Wouldn't most users using SFTP (as in file transfers over ssh) be
running their own servers?  In that case, those users wouldn't likely need an
easy update system anyway ("$ svn update").  I've never used a shared hosting
provider that only provided SFTP access, but it's been about five years since I
used shared hosting at all.

> One tack that hasn't been pursued is a PHP frontend to a shell
> scripted backend.  Have you thought of that, perhaps?  You'd obviously
> need different scripts for Windows vs. *NIX hosts, but it wouldn't
> really be any more insecure than using FTP as a method for doing this.

The only thing insecure about it is running an FTP server to begin with.  The
connection from PHP to the FTP server would be done via localhost, so the
information never leaves the computer and, therefore, can't be sniffed by third
parties.

--
-kccricket
* chirp * chirp *


More information about the wp-hackers mailing list