Hi Mark,

There are security reasons why we would never do that. I don't think web code should be able to download and install new/more web code. That would require the entire Web including the /bin folder to be writable by the web process in order for it to download new dlls and put them into the bin folder.

It is far better to not allow the web process to write to any folder where there is execute permissions. Doing  that opens the door where unintended code could be downloaded and installed and executed. It is better to require a more privileged ftp user to install new code.

mojoPortal only needs write access to /App_Data and /Data and both of those can be marked as not executable to harden it so that no uploaded code can be executed.

While things like that in WordPress may seem very appealing and convenient it goes against good security practices and possibly is part of the reason there are frequent vulnerabilities in WordPress.

Best,

Joe

Hi Mark,

I have written an update cmd script to aide in updating the many mojoPortal websites I host. It requires you to have access to have direct file access to the server(s) hosting the sites (not ftp) but it could be adapted to use FTP instead. If you are interested in it, send me an email.

Later,
Joe