[support] use uid1 or not Re: How to create "index" pages of content
Greg Knaddison
greg at pingvox.com
Sun Dec 9 23:20:36 UTC 2007
This is slightly off-topic from the original post so I'm changing the subject.

On Dec 9, 2007 6:30 PM, Shai Gluskin <shai at content2zero.com> wrote:
> Here is the handbook page that describes why not using user/1 for day-to-day
> is a best practice:
>
> http://drupal.org/node/22284
>
I don't think the conclusion you've drawn is really reflected in the
meat of the page. That's especially true if you use an account that
is granted a role that has all permissions on a site - that account is
just as vulnerable to most of the security problems listed on that
page.

The only thing that the "user 2 with all privileges" setup gets you is
a small amount of protection on security holes/actions in the
update.php file. But if you have a "user 2 with all privileges" then
that person probably has access to php input format and can do a lot
of damage to your site (which is worth a reminder: if you don't need
it then disable the php input format).

Regards,
Greg
--
Greg Knaddison
Denver, CO | http://knaddison.com
World Spanish Tour | http://wanderlusting.org/user/greg