Screw it. Let's write a module with sufficient AI that it spots when users are being stupid and presents them with a series of unsolved math problems (Riemann hypothesis, etc) that they have to solve before being let back in. After 24 hours the site returns to normal. :P --Jim -- My IM and Skype details are at http://state68.com/contact On 9 August 2010 18:53, Ken Winters <kwinters@coalmarch.com> wrote:
The same reason that sudo asks for a password again if you don't use it for a while: someone may have sat down at your computer.
It would actually be better to ask for a password prior to doing *anything* that could be damaging, but that's a separate issue. Try posting a comment on linked-in for example: auto-login allows you to read, but not write.
- Ken Winters
On Aug 9, 2010, at 1:33 PM, Matt Chapman wrote:
Hi James,
I curious about your reasoning for requiring a password? It seems like an example of "security" that only inconveniences the legitimate users.
Both the modules mentioned provide an explicit permission to switch, ensuring that only authorized users have the capability, and both allow you to permit it without sharing a password that could be accidentally exposed to unauthorized users.
It seems to me your proposed module weakens security for no practical benefit. Am I missing something?
All the Best,
Matt Chapman Ninjitsu Web Development ph: 818-660-6465 (818-660-NINJA) fx: 888-702-3095
-- The contents of this message should be assumed to be Confidential, and may not be disclosed without permission of the sender.
On Mon, Aug 9, 2010 at 9:48 AM, James Benstead <james.benstead@gmail.com> wrote:
Thanks - both of these modules solve half of the problem (i.e., the switching part) - but neither seem to allow me to force the user to enter the root password in order to switch to the root account. Very useful, though; two new questions:
If I were to build a module that was dependent on either masquerade or devel switch user to provide the functionality I'm talking about, which module would be the best foundation? Is there a simple way I can mash-up this module with the regular user module to do this? I'm guessing there must be.
Thanks again, guys; the best bit about Drupal (and the Drupal community) is not having to re-invent the wheel ;) --Jim -- My IM and Skype details are at http://state68.com/contact
Paolo Mainardi: http://drupal.org/project/masquerade On 9 August 2010 17:40, Pedro Faria de Miranda Pinto < predofaria@gmail.com> wrote:
You can use devel module with switch user block
On Mon, Aug 9, 2010 at 1:35 PM, James Benstead < james.benstead@gmail.com> wrote:
I'm very interested in UI design, and mapping the design of Drupal admin interfaces to pre-existing, long-standing frameworks. I'm currently looking for a module that allows a "site manager" to quickly switch to and from the root user of a D6 site - in my mind's eye this module displays a block with a password field and a submit button; entering the root password and hitting the button is broadly equivalent to "sudo su" in Unix. Once the user has root privileges, a click on the "step down" button in the same block returns them to their saved regular session. My question: does a module exists that does this, or gets close to this? Or is it possible to cobble together this functionality by using existing functionality in already-existing D6 modules? Thanks, --Jim -- My IM and Skype details are at http://state68.com/contact
-- Pedro Faria de Miranda Pinto http://www.eusouopedro.com http://www.phpavancado.net