The Application Vault (which is also sometimes called the Application Pack) is a repository that comes as part of Plesk containing web-based applications that you can install on your website at the click of a button. This is very similar to cPanel's Fantastico system, and includes some popluar packages, such as Mambo (Content Mangement System), osCommerce (e-Commerce Site), phpBB (forums), bbClone (Counter) and more.
How does it work?
Basically, all you need to do is to long on to your account, click on the domain you want to install the application and click on the Application Vault icon. Once you've selected the package you want to install, tell it where to install and it will do the rest (including setting up permissions, extracting files and configurations databases, where required).
You'll then be given a link and access details to log onto the site and use it, just as if you had installed it yourself.
Do you support Application Vault
No, we no longer support Application Vault - all new servers have had not has this option installed and all current servers are running with a minimum set of available applications (basically, only those that are currently in use by our clients on those servers). This is due to a number of issues we've experienced with software installed from the vault.
Over the first year we had the Application Vault enabled for our clients, our servers (along with some customer's sites) has multiple security breaches. In each case, files were uploaded and run with the aim of causing disruption, defacing sites, spreading spam and/or expanding bot networks, with each of these attacks being a direct result of an application installed by Plesk from the vault as it was out of date with known major security holes and for which there were no updates available (from within Plesk).
As Plesk directly controls the files, database and configuration for the site, only Plesk can normally update the site, leaving manual intervention both tricky and much harder than if the site was installed manually as per the instructions contained within the distribution.
Although as a result of these holes we've installed mod_security to monitor the requests and block those that are pre-cursors to attacks, this doesn't solve the underlying problem and therefore the decision was taken to remove unused applications and disable the vault on all future servers. Rather than run the risk of future security breaches, and therefore opening up your site (and our server) to compromise, we feel it's better to make sure the maintainers of the sites install the software they would like, directly from the source using the latest version(s) available.
Most software (especially the more common versions) are usually very easy to install, involving just uploading the required files, configuring some permissions and a database and following the install program that comes with the software. However, we understand that not all customers will find this as easy as others, and as we are removing this feature from our packages, our Support Team will do their best to assist you in installing most common programs and software onto your site, if you would like it.
