[development] Security Around Setting Up a Sandbox

Daniel F. Kudwien news at unleashedmind.com
Tue Nov 3 14:46:04 UTC 2009

> I had planned to give people a LOT more access than that. I 
> certainly was *not *going to give folks FTP or administer 
> users permissions, but otherwise I was thinking of giving 
> authenticated users a lot of permissions. I'm planning on 
> having the Demonstration Site module 
> <http://drupal.org/project/demo>running to take snapshots on 
> cron (and I wouldn't give people admin privileges on that, 
> obviously). So I could set the site back if someone comes 
> along and messes things up.

Handing out administrative permissions needs careful thoughts.  In

Add Demo Secure module

I outlined the critical steps to hand out _all_ administrative permissions
for the sake of my Total Admin IA Revamp proposal earlier this year, which
allowed to access and alter everything in Drupal.

That, of course, required additional steps.  However, if you skip the
following, then you should be fine:


- administer permissions: Prevents granting access to PHP permissions,
filter configuration.

- administer filters: Prevents access to filter configuration.

- administer languages: Prevents access to translation import functionality.

- administer demo site: Prevents access to Demo site administration.
(Attention: the "Reset" block can still be used, and can be enabled by
anyone who has "administer blocks" access.)

Additionally, I recommend to install a CAPTCHA or spam protection module.
If you want to grant access to "administer site configuration" (which
currently is the global access trigger for everything below admin/config),
then people will be able to enable/disable modules.  To prevent certain
modules from being disabled, you should put the following in their .info

hidden = TRUE
required = TRUE

Please note that it's perfectly possible that some new functionality
(authorize?) could make all of this a bit harder.


More information about the development mailing list