[Planetlab-devel] drupal's user page

Marc Fiuczynski mef at cs.princeton.edu
Thu Jan 7 20:55:17 EST 2010 

I like this. An extra level o protection can never hurt.

On Jan 7, 2010, at 6:39 PM, Thierry Parmentelat <thierry.parmentelat at sophia.inria.fr 
 > wrote:

> I'd been following another route in parallel in order to try and  
> address this
> the idea was a patch to the user.module;
> so, for the record at least, I am attaching both the patch and the  
> patched version
> this should be accessible on vplc09.inria.fr for a few days (that  
> is, until the automated tests deploy another plc instance on this IP  
> address..)
>
> your solution seems more elegant, but I can't remember off the top  
> of my head how to programmatically tweak these drupal settings; I  
> vaguely recollect this can be painful
> IIRC we've done it so far through a sql script, see PLEWWW/drupal- 
> hacks/database.pgsql
>
>
>
>
> <user.module>
>
> <user.module.patch>
>
>
>
>
> On Jan 8, 2010, at 12:22 AM, Marc Fiuczynski wrote:
>
>> Hello,
>>
>> The drupal user page accessible on any PLC (e.g. http://PLCURL/?q=user 
>> ) is not explicitly exposed to regular users, but indeed  
>> knowledgeable users can find this page.  Drupal's default setting  
>> is to permit visitors to create "drupal" accounts from this page.   
>> Obviously, this does not make sense for MyPLC and it should be  
>> disabled.
>>
>> It is easy to disable by simply logging in as an admin and going to  
>> the following URL:
>>
>> https://PLCURL/?q=admin/settings/user
>>
>> The resolution is to change the setting at the above page from:
>>
>> "Visitors can create accounts and no administrator approval is  
>> required."
>>
>> to
>>
>> "Only site administrators can create new user accounts."
>>
>> and then at the bottom of the page saving the settings.
>>
>> With this change it wont be possible for anonymous users to create  
>> drupal accounts.
>>
>> It would be great if we could figure out how to programmatically  
>> change the default setting to the "only site administrators can  
>> create new user accounts" so this manual step via the web interface  
>> is not required when doing a MyPLC installation.
>>
>> Marc
>>
>> _______________________________________________
>> Devel mailing list
>> Devel at lists.planet-lab.org
>> https://lists.planet-lab.org/mailman/listinfo/devel
>
> _______________________________________________
> Devel mailing list
> Devel at lists.planet-lab.org
> https://lists.planet-lab.org/mailman/listinfo/devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.planet-lab.org/pipermail/devel/attachments/20100107/8a516437/attachment.html

More information about the Devel mailing list