[support] use uid1 or not Re: How to create "index" pages of content

[Greg Knaddison]

This is slightly off-topic from the original post so I'm changing the subject.

On Dec 9, 2007 6:30 PM, Shai Gluskin <shai at content2zero.com> wrote:
> Here is the handbook page that describes why not using user/1 for day-to-day
> is a best practice:
>
> http://drupal.org/node/22284
>

I don't think the conclusion you've drawn is really reflected in the
meat of the page.  That's especially true if you use an account that
is granted a role that has all permissions on a site - that account is
just as vulnerable to most of the security problems listed on that
page.

The only thing that the "user 2 with all privileges" setup gets you is
a small amount of protection on security holes/actions in the
update.php file.  But if you have a "user 2 with all privileges" then
that person probably has access to php input format and can do a lot
of damage to your site (which is worth a reminder: if you don't need
it then disable the php input format).

Regards,
Greg

-- 
Greg Knaddison
Denver, CO | http://knaddison.com
World Spanish Tour | http://wanderlusting.org/user/greg