Thread

😉  What nice comments to wake up too!  And yes, Greg in particular has been hammering away on optimization.  Expect to see that continue in the future.  We’re starting to find a nice balance between adding new features and updating the existing code.  With James on board for UI/UX improvements, we’ll hopefully have all bases covered in the future.

Now if 2.3 can meet my expectations, I’ll be feeling really good about all of the restructuring we’ve done.  Nice to hear it’s starting to bear fruit.

I don’t understand how admin.php does anything to mask system folder…other than shorter path to install.

Your users don’t need to know the name or location of the system folder when they’re using admin.php. In fact, our best practices page suggests moving the system folder above the webroot and just using admin.php .

I’m still a little confused by admin.php masking compared to the old way of masking a control panel and a non-standard system folder did before.

If anything, your control panel login form is now easily accessed by anyone by just going to admin.php on any EE site, something they could have never gotten to before if you renamed your system folder (and did the same on MSM site masked access).

One security hole found and it’s a lot easier to get in with a standard URL across the board.

VodkaFish, the difference is that with the admin.php file alone, they can’t do anything:

- they can’t log in if they don’t know your password
- they can in any case not access anything in the system folder from the web, if you’ve moved the system folder above the html access just as you would in the earlier method.

In fact, the only difference really is that Ellis have gone ahead and arranged the basis to reduce confusion.

I go one step further, being a bit concerned when I see a site get hit from known places.

I make a new folder, with yet another name; not so easily guessable.
I put the admin.php in that folder, and rename it to index.php.
I arrange .htaccess to allow that folder
I use admin by site.url.com/folder, which is quite normal and has no .php

Now, someone from the web must guess the name of that folder, plus guess the password. Other than this, they can’t do anything.

Inside jobs, or careless hosting; well, those are other stories. Makes it important to use someone with a record you trust.

In any case, EE’s security and record are very good indeed.

Regards,
Clive

...
Now, someone from the web must guess the name of that folder, plus guess the password. Other than this, they can’t do anything.
...

And how is this different than just renaming the system folder?...they have to guess its name as well 😊. To me bigger merit is in the move of folder above the root no matter the name.

I must have totally overlooked the renaming section of best practices the first time around, which was my main conern.

It makes it just like the /system pointers I used to setup on MSM sites to access the CP and negates my issue.

I’m getting errors when updating from 2.1.3 to 2.2.1.

I’ve copied all the relevant files across (system,themes,index.php,admin.php) but I’m getting PHP errors on the admin page and after logging in, making the admin inaccessible.

I used cp -pRv location1 location2 to merge the files coz I’m on a Mac.

PHP 5.3.2
EE 2.1.3 - 2.2.1
MacOSX - MAMP

—————————————————————

A PHP Error was encountered

Severity: Notice

Message: Constant PATH_MOD already defined

Filename: libraries/Core.php

Line Number: 66

+ another 20 errors

—————————————————————-

Update: this was my mistake. I didn’t copy the entire CONGIG folder over. I overlooked this when following the upgrade instructions.

Hope this helps anyone else that makes that mistake.

Just updated my site and, in the process, I have brought most of the French language pack to 2.2.1. How to upload it to the downloadables?

Thanks Benoit!  Email it to sales AT expressionengine DOT com, please. =)

I’m just starting my first EE project with a developer that has used EE for quite some time. This is a medium size project with a good bit of custom PHP and several Solspace add-ons. Go live is 9/15 and it needs to be pretty sound by then, but this is not a heart transplant system so I can live with some issues, just as long as they do not become my life and they settle down pretty quickly. My question is: Should I pust to start with EE 2.2?

If I’m doing certain things I should be hesitant? What might those certain things be that would give you pause?

Thanks for your help.

Dan

I’m just starting my first EE project with a developer that has used EE for quite some time. This is a medium size project with a good bit of custom PHP and several Solspace add-ons. Go live is 9/15 and it needs to be pretty sound by then, but this is not a heart transplant system so I can live with some issues, just as long as they do not become my life and they settle down pretty quickly. My question is: Should I pust to start with EE 2.2?

If I’m doing certain things I should be hesitant? What might those certain things be that would give you pause?

Thanks for your help.

Dan

Hi Dan,

If you’re on EE 2.x already, yes. Going to EE 2.2.1 is a no brainer. If you’re on 1.x, then it depends. The first thing I’d do is make sure there are EE 2 version of the add-ons you’re using (most likely).

I am building a new site, so EE 2.2 it will be. That was easy. Thank you Leslie.

I am building a new site, so EE 2.2 it will be. That was easy. Thank you Leslie.

No problem. And welcome to ExpressionEngine!