Quoting Roy Smith roy@panix.com:
Is there any way to configure a module *before* it's enabled?
I just turned on the path module. I noticed that as soon as it's turned on, anybody is able to create path aliases. It was easy enough to reconfigure it to only allow admins to do that, but for a short while (between the time I enabled it and got to configure it), it was open to anybody.
No, administration is turned off until it is allowed.
For this, it's no big deal, but in general, it seems like a bit of a security hole. There should be some way to enable the configuration of a module before it's really turned on. Or is there, and I'm just missing it?
I don't know why your experience is different. Again you have to specify the user has administration rights. The default is off. Perhaps path was installed before and not completely uninstalled leaving old access rows.
Earnie -- http://for-my-kids.com/ -- http://give-me-an-offer.com/