[development] Irresponsible security researcher

Joshua Rogers me at joshuarogers.net
Wed May 13 14:56:48 UTC 2009


Sorry.  I seem to have forgotten my ;)  I didn't really suspect that you 
wanted to do start a riot.

I think we should help him.  Personally, I discovered a vulnerability of my 
own this morning.  It's right up his alley.  If you have an administrator on 
your site, it seems that they can change almost anything!  (Yes, massively 
sarcastic.)  To make drupal safer, we should get rid of uid 1.  Yep...  
Safer....  ;)  Any objections?

> I was not asking for riots, violence or harm in any ways. I have
> chosen my words rather carefully and people apparently did not read
> them. I was asking for creative, funny pranks which makes him look and
> feel like the asshat he is.



More information about the development mailing list