Currently extensions are not only not verified for tampering, but any table they add to the db is listed in the admin page that does the verification as an intruder, and it is suggested to drop it.

It would be nice instead to allow extension writers to add their own list of md5 checksum and table definitions, to be included in the verification process.
This basically means adding an ini file for the info used ofr upgrading instead of the data that is currently located in share/xxx.

To prevent extensions from overriding the definition of the basic eZ installation stuff, and minimize backward compatibility problems, the following approach might be taken:

• keep 'base' eZ definition in /share
• add an ini file where extensions can add their own table md5 and table def.