[development] "Sudo" Module
James Benstead
james.benstead at gmail.com
Mon Aug 9 17:58:04 UTC 2010
Screw it. Let's write a module with sufficient AI that it spots when users
are being stupid and presents them with a series of unsolved math problems
(Riemann hypothesis, etc) that they have to solve before being let back in.
After 24 hours the site returns to normal. :P
--Jim
--
My IM and Skype details are at http://state68.com/contact
On 9 August 2010 18:53, Ken Winters <kwinters at coalmarch.com> wrote:
> The same reason that sudo asks for a password again if you don't use it for
> a
> while: someone may have sat down at your computer.
>
> It would actually be better to ask for a password prior to doing *anything*
> that
> could be damaging, but that's a separate issue. Try posting a comment on
> linked-in for example: auto-login allows you to read, but not write.
>
> - Ken Winters
>
>
> On Aug 9, 2010, at 1:33 PM, Matt Chapman wrote:
>
> Hi James,
>>
>> I curious about your reasoning for requiring a password? It seems like
>> an example of "security" that only inconveniences the legitimate
>> users.
>>
>> Both the modules mentioned provide an explicit permission to switch,
>> ensuring that only authorized users have the capability, and both
>> allow you to permit it without sharing a password that could be
>> accidentally exposed to unauthorized users.
>>
>> It seems to me your proposed module weakens security for no practical
>> benefit. Am I missing something?
>>
>> All the Best,
>>
>> Matt Chapman
>> Ninjitsu Web Development
>> ph: 818-660-6465 (818-660-NINJA)
>> fx: 888-702-3095
>>
>> --
>> The contents of this message should be assumed to be Confidential, and
>> may not be disclosed without permission of the sender.
>>
>>
>>
>> On Mon, Aug 9, 2010 at 9:48 AM, James Benstead <james.benstead at gmail.com>
>> wrote:
>>
>>> Thanks - both of these modules solve half of the problem (i.e., the
>>> switching part) - but neither seem to allow me to force the user to enter
>>> the root password in order to switch to the root account. Very useful,
>>> though; two new questions:
>>>
>>> If I were to build a module that was dependent on either masquerade or
>>> devel
>>> switch user to provide the functionality I'm talking about, which module
>>> would be the best foundation?
>>> Is there a simple way I can mash-up this module with the regular user
>>> module
>>> to do this? I'm guessing there must be.
>>>
>>> Thanks again, guys; the best bit about Drupal (and the Drupal community)
>>> is
>>> not having to re-invent the wheel ;)
>>> --Jim
>>> --
>>> My IM and Skype details are at http://state68.com/contact
>>>
>>> Paolo Mainardi:
>>> http://drupal.org/project/masquerade
>>> On 9 August 2010 17:40, Pedro Faria de Miranda Pinto <
>>> predofaria at gmail.com>
>>> wrote:
>>>
>>>>
>>>> You can use devel module with switch user block
>>>>
>>>> On Mon, Aug 9, 2010 at 1:35 PM, James Benstead <
>>>> james.benstead at gmail.com>
>>>> wrote:
>>>>
>>>>>
>>>>> I'm very interested in UI design, and mapping the design of Drupal
>>>>> admin
>>>>> interfaces to pre-existing, long-standing frameworks. I'm currently
>>>>> looking
>>>>> for a module that allows a "site manager" to quickly switch to and from
>>>>> the
>>>>> root user of a D6 site - in my mind's eye this module displays a block
>>>>> with
>>>>> a password field and a submit button; entering the root password and
>>>>> hitting
>>>>> the button is broadly equivalent to "sudo su" in Unix. Once the user
>>>>> has
>>>>> root privileges, a click on the "step down" button in the same block
>>>>> returns
>>>>> them to their saved regular session.
>>>>> My question: does a module exists that does this, or gets close to
>>>>> this?
>>>>> Or is it possible to cobble together this functionality by using
>>>>> existing
>>>>> functionality in already-existing D6 modules?
>>>>> Thanks,
>>>>> --Jim
>>>>> --
>>>>> My IM and Skype details are at http://state68.com/contact
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Pedro Faria de Miranda Pinto
>>>> http://www.eusouopedro.com
>>>> http://www.phpavancado.net
>>>>
>>>
>>>
>>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20100809/a22040e5/attachment-0001.html
More information about the development
mailing list