[Imc-drupal-dev] [IMC-Tech] Login for Drupal

Andrew McNaughton andrew at scoop.co.nz
Tue May 16 21:22:47 PDT 2006 

On Wed, 17 May 2006, Cameron Gregg wrote:

> eric wrote:
>> i am sole linux tech on bigmuddyimc.org. i'm running fedora. there is
>> one other tech for our imc who  helps with the  cms. the editors wanted
>> to switch to drupal as they want an easier cms for their use. we are
>> switching the server to run drupal. i temporarily set it up as
>> bigmuddyimc.org/drupal.  i myself  need to deal with something simpler
>> than dada as i don't have the time to do the update. also, something
>> with more documentation would be great. currently, my concerns with
>> drupal are ip logging, login, spam and to some degree security.
>>
>> 1) i would like to know how i can set it up so as to not require email
>> login. so someone can give an email of me at here <mailto:me at here>  for
>> example and create a password without email confirmation.
>
> I'm not sure how to do this. I must ask why you want this? It means
> people cannot retreive their password when they forget it and you'll end
> up with lots of unused, or used once accounts.

As a user of various services, I use sneakemail.com to solve a lot of the 
privacy concerns with giving an email address.  You could reccomend such 
an approach to your users.

While their basic service is free, sneakemail.com is a commercial concern. 
If anyone knows of a similar non-commercial service, I'd be happier 
recommending that.


>> 2)  does drupal itself do any logging?
>
> yes. it can be disabled. see this:
> https://docs.indymedia.org/view/Devel/ImcDrupalDevAnonymization
>
> I use the second method of putting:
>
> $_SERVER["REMOTE_ADDR"] = time();
>
> in boostrap.inc

Be aware that ip addresses may still turn up in apache's error logs with 
this method.

>> 3)  what kind of spam filtering is available for drupal?
>
> there is captcha module on the drupal website, and there is a spam
> module here:  http://www.kerneltrap.org/jeremy/drupal/spam/
>
>> 4) are there specific security holes in drupal that i should be
>> concerned about?
>
> nothing that I know of at the moment. There has been some xml-rpc holes
> in the recent past.

Security concerns do come up from time to time.  As with any server 
software, you do need to keep track of new releases, and install them 
promptly when they come up.

Andrew


-------------------------------------------------------------------
Andrew McNaughton           http://www.scoop.co.nz/
andrew at scoop.co.nz          Mobile: +61 422 753 792
                             pgp keyid: 1C7A8CFD
--
"We are trying to figure out how you conduct a war against something
other than a nation-state and how ... you conduct a war in countries
that you are not at war with,"   -- Donald Rumsfeld, 27 Jan 2006

More information about the Imc-drupal-dev mailing list