[development] using UID 1 (was Re: Overriding node_db_rewrite_sql())

Larry Garfield larry at garfieldtech.com
Fri Jul 27 01:30:03 UTC 2007


On Thursday 26 July 2007, Greg Knaddison - GVS wrote:

> So, if folks feel strongly one way or another could they please edit
> that page (or respond here) with some of the reasons why you should
> "never use user #1".
>
> If you're going to say "for the same reasons as you never use root on
> unix" then please take the time to enumerate those reasons - I'm not
> sure I believe that comparison so having the list of reasons would
> help the discussion.
>
> Regards,
> Greg
>
> [1] http://drupal.org/user/1
> [2] http://groups.drupal.org/user/1

- Log into your Drupal site.
- Visit http://evilbadsite.com/
- Run JavaScript on evilbadsite.com automatically.
- Watch your Drupal session be hijacked.

Would you rather have uid 1's session hijacked, or your normal user account 
hijacked?  

-- 
Larry Garfield			AIM: LOLG42
larry at garfieldtech.com		ICQ: 6817012

"If nature has made any one thing less susceptible than all others of 
exclusive property, it is the action of the thinking power called an idea, 
which an individual may exclusively possess as long as he keeps it to 
himself; but the moment it is divulged, it forces itself into the possession 
of every one, and the receiver cannot dispossess himself of it."  -- Thomas 
Jefferson

