SMF Development > Fixed or Bogus Bugs
2.0.2: When installing, you can wander around with no accounts
Arantor:
How, exactly, is that a risk? There are no security concerns about user id 1, there are no account escalation risks. All it means is you have people think there's something special about user id 1, but there really, really isn't.
Yoshi:
--- Quote from: Arantor on May 05, 2012, 04:36:14 PM ---How, exactly, is that a risk? There are no security concerns about user id 1, there are no account escalation risks. All it means is you have people think there's something special about user id 1, but there really, really isn't.
--- End quote ---
Didn't user ID 1 get all permissions?
AFAICR that's the case. Might have changed/not been the case at all.
If it isn't, just ignore me with this report :P
Arantor:
No, user 1 does not get any permissions special to that account. When the admin account is created, it is given group 1 as part of that creation, which is what makes it an administrative account, not that it's account 1. In fact, account 1 always being an administrator is a risk in itself if for example an admin steps down you wouldn't be able to de-admin him without modifying his account at the DB level.
Yoshi:
--- Quote from: Arantor on May 05, 2012, 05:25:30 PM ---No, user 1 does not get any permissions special to that account. When the admin account is created, it is given group 1 as part of that creation, which is what makes it an administrative account, not that it's account 1. In fact, account 1 always being an administrator is a risk in itself if for example an admin steps down you wouldn't be able to de-admin him without modifying his account at the DB level.
--- End quote ---
Yeah, I'm always confusing these two it seems :P
Nevermind this report, then.
Navigation
[0] Message Index
[*] Previous page
Go to full version