Jim Pingle wrote:
chasd wrote:
I suppose the folder could be moved to/from a folder that is not web-accessible
I think that is the best approach if you are concerned about security.
I would still prefer it didn't exist at all on an existing install, as it shouldn't be necessary. :)
The fact that you're worried about an SVN update bringing back the installer directory implies that you're running your live web site from your Subversion working copy. I wouldn't recommend this, since it opens up access to all of our .svn directories on your web server. You could get creative with access rules and/or .htaccess files, but that's probably introducing more complexity than copying the real files from your working copy to your web root. The rsync script posted earlier is similar to the installer script that I use (which excludes the .svn directories and other files that I don't want the web server serving up).
-Eric
List info: http://lists.roundcube.net/dev/