summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--sites/default/default.settings.php18
1 files changed, 13 insertions, 5 deletions
diff --git a/sites/default/default.settings.php b/sites/default/default.settings.php
index 2e5654b..0b12bd3 100644
--- a/sites/default/default.settings.php
+++ b/sites/default/default.settings.php
@@ -528,13 +528,21 @@ $conf['404_fast_html'] = '<html xmlns="http://www.w3.org/1999/xhtml"><head><titl
*
* The Update manager module included with Drupal provides a mechanism for
* site administrators to securely install missing updates for the site
- * directly through the web user interface by providing either SSH or FTP
- * credentials. This allows the site to update the new files as the user who
- * owns all the Drupal files, instead of as the user the webserver is running
- * as. However, some sites might wish to disable this functionality, and only
- * update the code directly via SSH or FTP themselves. This setting completely
+ * directly through the web user interface. On securely-configured servers,
+ * the Update manager will require the administrator to provide SSH or FTP
+ * credentials before allowing the installation to proceed; this allows the
+ * site to update the new files as the user who owns all the Drupal files,
+ * instead of as the user the webserver is running as. On servers where the
+ * webserver user is itself the owner of the Drupal files, the administrator
+ * will not be prompted for SSH or FTP credentials (note that these server
+ * setups are common on shared hosting, but are inherently insecure).
+ *
+ * Some sites might wish to disable the above functionality, and only update
+ * the code directly via SSH or FTP themselves. This setting completely
* disables all functionality related to these authorized file operations.
*
+ * @see http://drupal.org/node/244924
+ *
* Remove the leading hash signs to disable.
*/
# $conf['allow_authorize_operations'] = FALSE;