SMF Development > Fixed or Bogus Bugs

2.0.2: When installing, you can wander around with no accounts

(1/2) > >>

NanoSector:
Hi!

So, someone was installing SMF today, and I decided to check if he was done yet.

I opened up the forum...
Latest member: (empty)

That means people are able to wander around, register and get an user with ID 1, possibly!

Perhaps force the maintenance mode, when installing?

Arantor:
The odds are if you hit upon a forum during install where you're at the stage where it's usable but no admin user yet created, the admin will probably have created their account in the time it takes you to register.

I don't think it's a good idea to go through maintenance during install, it's only yet more things that will cause problems when the files aren't writable by users immediately after installing (and thus won't be able to get it out of maintenance mode)

NanoSector:

--- Quote from: Arantor on May 05, 2012, 02:36:20 PM ---The odds are if you hit upon a forum during install where you're at the stage where it's usable but no admin user yet created, the admin will probably have created their account in the time it takes you to register.
--- End quote ---
Yes, but it is a risk when you know someone is reinstalling SMF.


--- Quote ---I don't think it's a good idea to go through maintenance during install, it's only yet more things that will cause problems when the files aren't writable by users immediately after installing (and thus won't be able to get it out of maintenance mode)

--- End quote ---
Maybe, but if you can write the database settings to Settings.php you can also write the maintenance setting, right?

Arantor:
Yes, but there's a couple of operations since then and IIRC the installer actually tries to protect Settings.php again after changing the settings to make it safe (and it may not be able to change it back after)

It's not a 'risk' per se, there are no security implications, it's just a minor possible inconvenience and nothing more than that. I'm not even sure I'd class it as a bug (and I certainly have no plans to fix it in my own stuff)

NanoSector:

--- Quote from: Arantor on May 05, 2012, 03:54:11 PM ---Yes, but there's a couple of operations since then and IIRC the installer actually tries to protect Settings.php again after changing the settings to make it safe (and it may not be able to change it back after)

It's not a 'risk' per se, there are no security implications, it's just a minor possible inconvenience and nothing more than that. I'm not even sure I'd class it as a bug (and I certainly have no plans to fix it in my own stuff)

--- End quote ---
Well, I would call it a risk, since the database doesn't have an user with id 1 and the next user will get ID 1.

Navigation

[0] Message Index

[#] Next page

Go to full version