Screw it. Let's write a module with sufficient AI that it spots when users are being stupid and presents them with a series of unsolved math problems (Riemann hypothesis, etc) that they have to solve before being let back in. After 24 hours the site returns to normal. :P<div>
<br clear="all">--Jim<br>--<br>My IM and Skype details are at <a href="http://state68.com/contact">http://state68.com/contact</a><br>
<br><br><div class="gmail_quote">On 9 August 2010 18:53, Ken Winters <span dir="ltr"><<a href="mailto:kwinters@coalmarch.com">kwinters@coalmarch.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
The same reason that sudo asks for a password again if you don't use it for a<br>
while: someone may have sat down at your computer.<br>
<br>
It would actually be better to ask for a password prior to doing *anything* that<br>
could be damaging, but that's a separate issue. Try posting a comment on<br>
linked-in for example: auto-login allows you to read, but not write.<br><font color="#888888">
<br>
- Ken Winters</font><div><div></div><div class="h5"><br>
<br>
On Aug 9, 2010, at 1:33 PM, Matt Chapman wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi James,<br>
<br>
I curious about your reasoning for requiring a password? It seems like<br>
an example of "security" that only inconveniences the legitimate<br>
users.<br>
<br>
Both the modules mentioned provide an explicit permission to switch,<br>
ensuring that only authorized users have the capability, and both<br>
allow you to permit it without sharing a password that could be<br>
accidentally exposed to unauthorized users.<br>
<br>
It seems to me your proposed module weakens security for no practical<br>
benefit. Am I missing something?<br>
<br>
All the Best,<br>
<br>
Matt Chapman<br>
Ninjitsu Web Development<br>
ph: 818-660-6465 (818-660-NINJA)<br>
fx: 888-702-3095<br>
<br>
--<br>
The contents of this message should be assumed to be Confidential, and<br>
may not be disclosed without permission of the sender.<br>
<br>
<br>
<br>
On Mon, Aug 9, 2010 at 9:48 AM, James Benstead <<a href="mailto:james.benstead@gmail.com" target="_blank">james.benstead@gmail.com</a>> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Thanks - both of these modules solve half of the problem (i.e., the<br>
switching part) - but neither seem to allow me to force the user to enter<br>
the root password in order to switch to the root account. Very useful,<br>
though; two new questions:<br>
<br>
If I were to build a module that was dependent on either masquerade or devel<br>
switch user to provide the functionality I'm talking about, which module<br>
would be the best foundation?<br>
Is there a simple way I can mash-up this module with the regular user module<br>
to do this? I'm guessing there must be.<br>
<br>
Thanks again, guys; the best bit about Drupal (and the Drupal community) is<br>
not having to re-invent the wheel ;)<br>
--Jim<br>
--<br>
My IM and Skype details are at <a href="http://state68.com/contact" target="_blank">http://state68.com/contact</a><br>
<br>
Paolo Mainardi:<br>
<a href="http://drupal.org/project/masquerade" target="_blank">http://drupal.org/project/masquerade</a><br>
On 9 August 2010 17:40, Pedro Faria de Miranda Pinto <<a href="mailto:predofaria@gmail.com" target="_blank">predofaria@gmail.com</a>><br>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
You can use devel module with switch user block<br>
<br>
On Mon, Aug 9, 2010 at 1:35 PM, James Benstead <<a href="mailto:james.benstead@gmail.com" target="_blank">james.benstead@gmail.com</a>><br>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
I'm very interested in UI design, and mapping the design of Drupal admin<br>
interfaces to pre-existing, long-standing frameworks. I'm currently looking<br>
for a module that allows a "site manager" to quickly switch to and from the<br>
root user of a D6 site - in my mind's eye this module displays a block with<br>
a password field and a submit button; entering the root password and hitting<br>
the button is broadly equivalent to "sudo su" in Unix. Once the user has<br>
root privileges, a click on the "step down" button in the same block returns<br>
them to their saved regular session.<br>
My question: does a module exists that does this, or gets close to this?<br>
Or is it possible to cobble together this functionality by using existing<br>
functionality in already-existing D6 modules?<br>
Thanks,<br>
--Jim<br>
--<br>
My IM and Skype details are at <a href="http://state68.com/contact" target="_blank">http://state68.com/contact</a><br>
</blockquote>
<br>
<br>
<br>
--<br>
Pedro Faria de Miranda Pinto<br>
<a href="http://www.eusouopedro.com" target="_blank">http://www.eusouopedro.com</a><br>
<a href="http://www.phpavancado.net" target="_blank">http://www.phpavancado.net</a><br>
</blockquote>
<br>
<br>
</blockquote></blockquote>
<br>
</div></div></blockquote></div><br></div>