Matt, that's a great solution. Thanks! J. --Jim -- My IM and Skype details are at http://state68.com/contact
On 9 August 2010 18:54, Matt Chapman <[email protected]> wrote: > Ah ha. I see what you're going for. > > My personal approach is to try to never give users a level of access > where they might break the site, even accidentally. But that does > often require additional work that I realize is not always practical, > if you're dealing with limited time or budgets. > > If Domenic doesn't persuade you, and you're still going to go to the > point of creating a custom module, may I suggest that you require > users to re-enter their OWN password, rather than sharing the user 1 > password with every one? Really, you're asking for trouble by sharing > that password with anyone who doesn't absolutely need it. > > All the Best, > > Matt Chapman > Ninjitsu Web Development > ph: 818-660-6465 (818-660-NINJA) > fx: 888-702-3095 > > -- > The contents of this message should be assumed to be Confidential, and > may not be disclosed without permission of the sender. > > > > On Mon, Aug 9, 2010 at 10:39 AM, James Benstead > <[email protected]> wrote: > > Hi Matt, > > It's "deliberate inconvenience" if you like. The site will have a manager > > who will, through their regular account, be able to upload and manage > > content, process Ubercart orders, etc. I'd like them to quickly be able > to > > switch to the root account for more technical (and therefore dangerous) > > tasks. The act of entering a password will give them the sense that what > > they are doing implies a risk. Also, the root account will have a > slightly > > different theme. Possibly plastered with skull and crossbone motifs ;) > > --Jim > > -- > > My IM and Skype details are at http://state68.com/contact > > > > > > On 9 August 2010 18:33, Matt Chapman <[email protected]> wrote: > >> > >> Hi James, > >> > >> I curious about your reasoning for requiring a password? It seems like > >> an example of "security" that only inconveniences the legitimate > >> users. > >> > >> Both the modules mentioned provide an explicit permission to switch, > >> ensuring that only authorized users have the capability, and both > >> allow you to permit it without sharing a password that could be > >> accidentally exposed to unauthorized users. > >> > >> It seems to me your proposed module weakens security for no practical > >> benefit. Am I missing something? > >> > >> All the Best, > >> > >> Matt Chapman > >> Ninjitsu Web Development > >> ph: 818-660-6465 (818-660-NINJA) > >> fx: 888-702-3095 > >> > >> -- > >> The contents of this message should be assumed to be Confidential, and > >> may not be disclosed without permission of the sender. > >> > >> > >> > >> On Mon, Aug 9, 2010 at 9:48 AM, James Benstead < > [email protected]> > >> wrote: > >> > Thanks - both of these modules solve half of the problem (i.e., the > >> > switching part) - but neither seem to allow me to force the user to > >> > enter > >> > the root password in order to switch to the root account. Very useful, > >> > though; two new questions: > >> > > >> > If I were to build a module that was dependent on either masquerade or > >> > devel > >> > switch user to provide the functionality I'm talking about, which > module > >> > would be the best foundation? > >> > Is there a simple way I can mash-up this module with the regular user > >> > module > >> > to do this? I'm guessing there must be. > >> > > >> > Thanks again, guys; the best bit about Drupal (and the Drupal > community) > >> > is > >> > not having to re-invent the wheel ;) > >> > --Jim > >> > -- > >> > My IM and Skype details are at http://state68.com/contact > >> > > >> > Paolo Mainardi: > >> > http://drupal.org/project/masquerade > >> > On 9 August 2010 17:40, Pedro Faria de Miranda Pinto > >> > <[email protected]> > >> > wrote: > >> >> > >> >> You can use devel module with switch user block > >> >> > >> >> On Mon, Aug 9, 2010 at 1:35 PM, James Benstead > >> >> <[email protected]> > >> >> wrote: > >> >>> > >> >>> I'm very interested in UI design, and mapping the design of Drupal > >> >>> admin > >> >>> interfaces to pre-existing, long-standing frameworks. I'm currently > >> >>> looking > >> >>> for a module that allows a "site manager" to quickly switch to and > >> >>> from the > >> >>> root user of a D6 site - in my mind's eye this module displays a > block > >> >>> with > >> >>> a password field and a submit button; entering the root password and > >> >>> hitting > >> >>> the button is broadly equivalent to "sudo su" in Unix. Once the user > >> >>> has > >> >>> root privileges, a click on the "step down" button in the same block > >> >>> returns > >> >>> them to their saved regular session. > >> >>> My question: does a module exists that does this, or gets close to > >> >>> this? > >> >>> Or is it possible to cobble together this functionality by using > >> >>> existing > >> >>> functionality in already-existing D6 modules? > >> >>> Thanks, > >> >>> --Jim > >> >>> -- > >> >>> My IM and Skype details are at http://state68.com/contact > >> >> > >> >> > >> >> > >> >> -- > >> >> Pedro Faria de Miranda Pinto > >> >> http://www.eusouopedro.com > >> >> http://www.phpavancado.net > >> > > >> > > > > > >
