[Planetlab-devel] drupal's user page
mef at cs.princeton.edu
Thu Jan 7 20:55:17 EST 2010
I like this. An extra level o protection can never hurt.
On Jan 7, 2010, at 6:39 PM, Thierry Parmentelat <thierry.parmentelat at sophia.inria.fr
> I'd been following another route in parallel in order to try and
> address this
> the idea was a patch to the user.module;
> so, for the record at least, I am attaching both the patch and the
> patched version
> this should be accessible on vplc09.inria.fr for a few days (that
> is, until the automated tests deploy another plc instance on this IP
> your solution seems more elegant, but I can't remember off the top
> of my head how to programmatically tweak these drupal settings; I
> vaguely recollect this can be painful
> IIRC we've done it so far through a sql script, see PLEWWW/drupal-
> On Jan 8, 2010, at 12:22 AM, Marc Fiuczynski wrote:
>> The drupal user page accessible on any PLC (e.g. http://PLCURL/?q=user
>> ) is not explicitly exposed to regular users, but indeed
>> knowledgeable users can find this page. Drupal's default setting
>> is to permit visitors to create "drupal" accounts from this page.
>> Obviously, this does not make sense for MyPLC and it should be
>> It is easy to disable by simply logging in as an admin and going to
>> the following URL:
>> The resolution is to change the setting at the above page from:
>> "Visitors can create accounts and no administrator approval is
>> "Only site administrators can create new user accounts."
>> and then at the bottom of the page saving the settings.
>> With this change it wont be possible for anonymous users to create
>> drupal accounts.
>> It would be great if we could figure out how to programmatically
>> change the default setting to the "only site administrators can
>> create new user accounts" so this manual step via the web interface
>> is not required when doing a MyPLC installation.
>> Devel mailing list
>> Devel at lists.planet-lab.org
> Devel mailing list
> Devel at lists.planet-lab.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Devel