Screw it. Let's write a module with sufficient AI that it spots when users are being stupid and presents them with a series of unsolved math problems (Riemann hypothesis, etc) that they have to solve before being let back in. After 24 hours the site returns to normal. :P
--Jim -- My IM and Skype details are at http://state68.com/contact On 9 August 2010 18:53, Ken Winters <[email protected]> wrote: > The same reason that sudo asks for a password again if you don't use it for > a > while: someone may have sat down at your computer. > > It would actually be better to ask for a password prior to doing *anything* > that > could be damaging, but that's a separate issue. Try posting a comment on > linked-in for example: auto-login allows you to read, but not write. > > - Ken Winters > > > On Aug 9, 2010, at 1:33 PM, Matt Chapman wrote: > > Hi James, >> >> I curious about your reasoning for requiring a password? It seems like >> an example of "security" that only inconveniences the legitimate >> users. >> >> Both the modules mentioned provide an explicit permission to switch, >> ensuring that only authorized users have the capability, and both >> allow you to permit it without sharing a password that could be >> accidentally exposed to unauthorized users. >> >> It seems to me your proposed module weakens security for no practical >> benefit. Am I missing something? >> >> All the Best, >> >> Matt Chapman >> Ninjitsu Web Development >> ph: 818-660-6465 (818-660-NINJA) >> fx: 888-702-3095 >> >> -- >> The contents of this message should be assumed to be Confidential, and >> may not be disclosed without permission of the sender. >> >> >> >> On Mon, Aug 9, 2010 at 9:48 AM, James Benstead <[email protected]> >> wrote: >> >>> Thanks - both of these modules solve half of the problem (i.e., the >>> switching part) - but neither seem to allow me to force the user to enter >>> the root password in order to switch to the root account. Very useful, >>> though; two new questions: >>> >>> If I were to build a module that was dependent on either masquerade or >>> devel >>> switch user to provide the functionality I'm talking about, which module >>> would be the best foundation? >>> Is there a simple way I can mash-up this module with the regular user >>> module >>> to do this? I'm guessing there must be. >>> >>> Thanks again, guys; the best bit about Drupal (and the Drupal community) >>> is >>> not having to re-invent the wheel ;) >>> --Jim >>> -- >>> My IM and Skype details are at http://state68.com/contact >>> >>> Paolo Mainardi: >>> http://drupal.org/project/masquerade >>> On 9 August 2010 17:40, Pedro Faria de Miranda Pinto < >>> [email protected]> >>> wrote: >>> >>>> >>>> You can use devel module with switch user block >>>> >>>> On Mon, Aug 9, 2010 at 1:35 PM, James Benstead < >>>> [email protected]> >>>> wrote: >>>> >>>>> >>>>> I'm very interested in UI design, and mapping the design of Drupal >>>>> admin >>>>> interfaces to pre-existing, long-standing frameworks. I'm currently >>>>> looking >>>>> for a module that allows a "site manager" to quickly switch to and from >>>>> the >>>>> root user of a D6 site - in my mind's eye this module displays a block >>>>> with >>>>> a password field and a submit button; entering the root password and >>>>> hitting >>>>> the button is broadly equivalent to "sudo su" in Unix. Once the user >>>>> has >>>>> root privileges, a click on the "step down" button in the same block >>>>> returns >>>>> them to their saved regular session. >>>>> My question: does a module exists that does this, or gets close to >>>>> this? >>>>> Or is it possible to cobble together this functionality by using >>>>> existing >>>>> functionality in already-existing D6 modules? >>>>> Thanks, >>>>> --Jim >>>>> -- >>>>> My IM and Skype details are at http://state68.com/contact >>>>> >>>> >>>> >>>> >>>> -- >>>> Pedro Faria de Miranda Pinto >>>> http://www.eusouopedro.com >>>> http://www.phpavancado.net >>>> >>> >>> >>> >
