PauloV Posted January 19, 2015 Report Posted January 19, 2015 @cody Only now notice your response That could be an option, but it wouldn't resolve the issue of code changes related to authentication. If we're going to add an option to the config, we might as well add a token, and simply prompt users for this token when they wish process an upgrade through the web interface. That way the user can simply change it at any time via SFTP, and it doesn't rely on the authentication system matching the db schema. I like your idea also ++1 Quote
Blesta Addons Posted January 19, 2015 Author Report Posted January 19, 2015 If we're going to add an option to the config, we might as well add a token, and simply prompt users for this token when they wish process an upgrade through the web interface. That way the user can simply change it at any time via SFTP, and it doesn't rely on the authentication system matching the db schema. The best option is "license number", to get the upgrade download you have to login to the client area to download correct?, why not check the license? this way is more usefull for all and more secure on every aspect the outher options are: Wen uploading and executing the upgrade link, it will generate a token and send by email to all administrators staff this way we know the token to execute the upgrade all this ideas is good , the important here is not to let the upgrade directly anyone . but if i'm forced to vote , i will vote for licence number option . PauloV 1 Quote
mrrsm Posted January 19, 2015 Report Posted January 19, 2015 A lot of really good ideas. I personally like the license check as I have seen this used with a few other scripts that I have used. A token would probably be a good compromise between nothing and license id. Would there be a step on the initial installation to set this (advanced option or something) or would this have to be manually done? I am guessing it would have to be manually added to existing configs, or handled in an upgrade step somehow to prompt you for the value to add to the config (or tell you to add it if you want). Quote
serge Posted February 1, 2015 Report Posted February 1, 2015 I like idea for having option in Blesta config file (only allow update from CLI): and Blesta admin will enable or disable it depending of what he prefer. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.