'Drupal 7.17 - Do I have to remove these files after installation?

A site I'm currently managing has Drupal 7.17 on it. I'm noticing the following files in the root of the website:

install.php
CHANGELOG.txt
INSTALL.txt
INSTALL.mysql.txt
INSTALL.pgsql.txt
LICENSE.txt
MAINTAINERS.txt
UPGRADE.txt

Researching this, tells me that as of Drupal 7.16, they fixed a security issue that would allow arbitrary code to run in install.php that would allow the re-installation of Drupal that someone could run. But basically, I am wondering if any of these files (if left in the server root) could cause problems in Drupal 7.17? Do I have to remove these files for security reasons? Or is this no longer a security risk whatsoever in Drupal 7.17?

I understand that we shouldn't remove the upgrade.php file, but just curious on the rest of these files.

Thanks, and this is probably a dumb question, but just felt the need to ask anyways. Usually I remove these files when I install software on websites, but not sure how Drupal uses and/or misuses these files.

drupal-7installation


Solution 1:[1]

You shouldn't delete any files. If you really wanted to, you could delete various txt files. A better solution if you are afraid of security is to not let the files be accessed through the web server. Drupal only use the index.php file for serving content.

Solution 2:[2]

I would love to hear an update and more recent thoughts on this question, and here is why.....

I was just working with a newly updated Drupal site to Drupal 8.9.20 running the Open Social distribution as a logged-in user with no admin privileges. This is my ACTIVE PRODUCTION site!

I deleted a node (News Article) I was trying to embed from a website that refuses to connect on some of their metadata ie: image #1, and after submitting on the delete link, the browser switched to install.php, which as you know sites in the document root.

I was of course shocked to see this and after considering the even innocent response a user might get that lead them to reinstall THEIR App, this could be very dangerous, of course.

So, since the last reply on this references Drupal versions from 2014, I was just wondering your thoughts in this day and age on what are the latest recommendations!

Thanks

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Soni Kishan
Solution 2 B Simon

Related Questions