Self-Updating Web Software

by lhl

Anil announced the recent release of MT 3.12, which has, among other things, automatic generation of .htaccess files for dynamic pages.

One of the great things about Drupal is its integrated URL handling, so that's definitely part of the way to go. Apache, or 'full system', integration is certainly a big step for web software to take. Of course, there are those pesky permissions problems and security risks...

Here's a little bit I wrote a while back for a file that's in a public folder listing (labeled '!!!_donotclick_youwillbebanned.foo' and with a robots.txt Deny rule) to block aggressive spiders:

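<?php
  // Append a timestamped Deny rule for the requesting client to .htaccess.
  $ip = filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP);
  if ($ip !== false) {
    $deny  = '# ' . date("D M j G:i:s T Y") . "\n";
    $deny .= 'Deny from ' . $ip . "\n";
    // LOCK_EX keeps concurrent requests from interleaving their writes.
    file_put_contents('.htaccess', $deny, FILE_APPEND | LOCK_EX);
  }
?>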

Two things that would be really big things in the future of self-install web applications:

  • Self-updating applications. Why doesn't Windows Update or apt-get pertain to webapps? I can't think of a good reason. D/L into staging area, check MD5s, check the DB schemas, and blink a bright green button to do updates. (This assumes you're already licking the permissions problems; you'll want the quality of your code in general to be much higher than it currently is, and/or chrooting to become common practice, BTW. See: Secure Programming for Linux and Unix HOWTO, How to Write Secure Code, Secure Coding: Principles and Practices.)
  • Fully integrated (httpd-level) access control. Scattered .htaccess files are convenient, but a web-based centralized interface, either file/scanner-based or a consolidated database manager [mod_auth_mysql++], is the future of managing complex role/rule-based access control.
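
The "D/L into staging area, check MD5s" step from the first bullet, as an added example (not code from the original post or from any project): it checks a staged update against a manifest of digests and rejects unlisted files before anything is promoted. It uses SHA-256 in place of the MD5s the post mentions; the function name, manifest layout and sample files are assumptions, and the manifest is assumed to arrive over an authenticated channel (for example, signed), since a digest fetched alongside the download only detects corruption.

```php
<?php
// Added example: verify a staged update against a digest manifest before
// promoting it. Names and layout are assumptions, not any project's API.

/** Return a list of problems; an empty list means staging matches the manifest. */
function verify_staged_update(string $stagingDir, array $manifest): array
{
    $problems = [];
    $root = realpath($stagingDir);
    if ($root === false) {
        return ["staging directory missing: $stagingDir"];
    }
    $prefix = $root . DIRECTORY_SEPARATOR;
    // 1. Every manifest entry must resolve inside staging and match its digest.
    foreach ($manifest as $relPath => $expected) {
        $full = realpath($prefix . $relPath);
        if ($full === false || strncmp($full, $prefix, strlen($prefix)) !== 0) {
            $problems[] = "missing or outside staging: $relPath";
            continue;
        }
        // hash_equals() compares in constant time.
        if (!hash_equals(strtolower($expected), hash_file('sha256', $full))) {
            $problems[] = "digest mismatch: $relPath";
        }
    }
    // 2. Nothing may sit in staging that the manifest does not list.
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS));
    foreach ($it as $file) {
        $rel = str_replace(DIRECTORY_SEPARATOR, '/',
            substr($file->getPathname(), strlen($prefix)));
        if (!isset($manifest[$rel])) {
            $problems[] = "unlisted file: $rel";
        }
    }
    return $problems;
}

// Constructed sample: one intact file, one modified file, one unlisted file.
$stage = sys_get_temp_dir() . '/stage_' . bin2hex(random_bytes(4));
mkdir("$stage/includes", 0700, true);
file_put_contents("$stage/index.php", "<?php echo 'v2';\n");
file_put_contents("$stage/includes/db.inc", "<?php // modified\n");
file_put_contents("$stage/extra.php", "<?php // not in manifest\n");
$manifest = [
    'index.php'       => hash('sha256', "<?php echo 'v2';\n"),
    'includes/db.inc' => hash('sha256', "<?php // original\n"),
];
$problems = verify_staged_update($stage, $manifest);
print_r($problems);
echo $problems ? "update rejected\n" : "safe to promote\n";
```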