From 368df6dc5f91046d6a314ea4c06c5d7997de0594 Mon Sep 17 00:00:00 2001
From: Dries Buytaert <dries@buytaert.net>
Date: Thu, 22 Oct 2009 01:07:02 +0000
Subject: - Patch #602586 by dww: document authorize.php killswitch in
 default.settings.php.

---
 sites/default/default.settings.php | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

(limited to 'sites/default')

diff --git a/sites/default/default.settings.php b/sites/default/default.settings.php
index 937cc420e..b8b4dbbe7 100644
--- a/sites/default/default.settings.php
+++ b/sites/default/default.settings.php
@@ -343,3 +343,19 @@ $conf = array(
 # $conf['blocked_ips'] = array(
 #   'a.b.c.d',
 # );
+
+/**
+ * Authorized file system operations:
+ *
+ * The Update manager module included with Drupal provides a mechanism for
+ * site administrators to securely install missing updates for the site
+ * directly through the web user interface by providing either SSH or FTP
+ * credentials. This allows the site to update the new files as the user who
+ * owns all the Drupal files, instead of as the user the webserver is running
+ * as. However, some sites might wish to disable this functionality, and only
+ * update the code directly via SSH or FTP themselves. This setting completely
+ * disables all functionality related to these authorized file operations.
+ *
+ * Remove the leading hash signs to disable.
+ */
+# $conf['allow_authorize_operations'] = FALSE;
-- 
cgit v1.2.3