Hi Shai- That sounds really cool. Just a few thoughts: - I'd be concerned about allowing people to post any kind of content, in particular javascript or php. So the first thing on my list to check would be the input filters that people are allowed to use. - Besides that, maybe it would be helpful if you could list what permissions and admin functionality you are planning on enabling, so people could think about security with these features in mind. - Lastly, since you explicitly asked, I can't personally recommend that you do this on a production server, but if you want to go down this route, I'd 1) try to setup some kind of apache jail for the d7 sandbox (this would separate the d7 system from the rest of your stuff) and 2) make sure that I had frequent off-site code and database backups for all of my client sites. Again, cool idea. Best, tim On Tue, Nov 3, 2009 at 9:46 AM, Daniel F. Kudwien <news@unleashedmind.com>wrote:
I had planned to give people a LOT more access than that. I certainly was *not *going to give folks FTP or administer users permissions, but otherwise I was thinking of giving authenticated users a lot of permissions. I'm planning on having the Demonstration Site module <http://drupal.org/project/demo>running to take snapshots on cron (and I wouldn't give people admin privileges on that, obviously). So I could set the site back if someone comes along and messes things up.
Handing out administrative permissions needs careful thoughts. In
Add Demo Secure module http://drupal.org/node/375411
I outlined the critical steps to hand out _all_ administrative permissions for the sake of my Total Admin IA Revamp proposal earlier this year, which allowed to access and alter everything in Drupal.
That, of course, required additional steps. However, if you skip the following, then you should be fine:
:: WARNING: THIS LIST MAY NOT BE COMPLETE ::
- administer permissions: Prevents granting access to PHP permissions, filter configuration.
- administer filters: Prevents access to filter configuration.
- administer languages: Prevents access to translation import functionality.
- administer demo site: Prevents access to Demo site administration. (Attention: the "Reset" block can still be used, and can be enabled by anyone who has "administer blocks" access.)
Additionally, I recommend to install a CAPTCHA or spam protection module. If you want to grant access to "administer site configuration" (which currently is the global access trigger for everything below admin/config), then people will be able to enable/disable modules. To prevent certain modules from being disabled, you should put the following in their .info files:
hidden = TRUE required = TRUE
Please note that it's perfectly possible that some new functionality (authorize?) could make all of this a bit harder.
sun
-- Tim Loudon