UseBB Community

Hi, I'm developing a cms manager for a software much alike cpanel. I liked UseBB so I'm going to include an installer for it.
There is just one thing a dont get. Why does the usebb software checks for writeabillity of config.php even if its already configured? Please fix that! .
I know there is an option for changing the configured database through usebb, but not letting the forum execute if config.php has no write permissions is too much for me. I mean, there could be a error message displayed to the user if it attempts to write an no writeable config.php, but...

Imagine poor me having to modify your code everytime a new version gets done. I cant leave config.php world writeable. That would be too much insecure.
We're talking about environments that are not owned by www-data, they are owned by a website client administrator. I cant leave config.php world writeable for ever!

Please say yes, I mean, I love your software, and I want to include it in the cms manager... I really do!

Is there any chance at all you could leave only the dabase configuration on config.php plus some static data and move all dinamic configuration to a MySQL table? In that case we would not have any problems with write permissions. I'll whait your answer.
This could be great for integrating useBB into softwares cpanel alike.

Having config.php writable is not insecure. The only way someone would be able to read or get data from that file is if they had FTP access. It needs to be writable inorder for the forum to work, same thing with every other forum software.

It needs to be writable to be able to edit the settings. The settings of 1.0 will stay in config.php, I know it isn't ideal and easy, but it's been like this for many releases and we're nearing 1.0 now.

In 2.0 this will change and settings will be database powered, so you will be able to use it then without any writable files.

Gaia wrote

Having config.php writable is not insecure. The only way someone would be able to read or get data from that file is if they had FTP access. It needs to be writable inorder for the forum to work, same thing with every other forum software.

It is unsecure, and that is not the only way. I told before, I'm talking about environments with several users, clients. Maybe clients have ssh access and maybe NOT chrooted. That is not secure, I dont like it.
I am not saying you dont need config.php writeable at some stage, but making that an eternal requirement is not good.
Look at phpbb config.php

<?php


// phpBB 2.x auto-generated config file
// Do not change anything in this file!

$dbms = 'mysql';

$dbhost = 'localhost';
$dbname = 'blablabla';
$dbuser = 'balalala';
$dbpasswd = 'yes';

$table_prefix = 'phpbb_';

define('PHPBB_INSTALLED', true);

?>

I would like to see this feature in version 2.0 Dietrich. Your software is really great, but as I told you, this strange feature is not the optimal for us who can use your software in another ways. I dont want the forum for using it myself. It is just another software that people will use.
I will include your software and modify it until version 2.0, but please dont forget to do the changes. I think I have some several months until my cms manager is ready to go public, but some server admins maybe will be not able or willing to modify your software. I can't include it in such conditions in a public release. Please understand.
Thanks.