Re: "Exploit"...
Reply #20 –
Attachments maintenance may take hours...many hours. And the checkbox to disable admin security becomes handy in that cases (of course is a quite limited scenario, but a real one).
yep, I know at least one forum where it was a real scenario (german forum about photography with "millions" of attachments). It's an edge case, I think. The few ones who would run into such problems could still enable it via phpMyAdmin. Most will probably disable the admin security because they are to lazy to type their passwords frequently. I still believe we should discourage them from doing that.
You could always deal with that the way MediaWiki does: by making them CLI scripts only. But that doesn't do a lot for those using poor hosts. Mind you, those running poor hosts don't usually get their forums big enough to be up to the 'maintenance taking hours' stage.
CLI is nice but remote shell access via SSH is an extremely rare feature when it comes to shared hosting.