Announcement

Collapse
No announcement yet.

Do not give anyone plugin / product management access

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • user-1231235234532
    replied
    Are there really people so stupid to give some one they do not trust the admin position ???

    So when I trust the admins (our team goes back almost ten years) I can keep all admin permissions on YES ? Or does that make things too easy for the badgirls after they hacked our forum ?

    Leave a comment:


  • Joe D.
    replied
    There are Administrators and SUPER Administrators. - Super Admins are specified by userid in the config.php file. Super Admins have permission to give / take permissions to other Admins. This is done via Admin CP -> Usergroups ->Administrator Permissions. This is different from Usergroup Permissions. You can create Admins that don't have permission to change usergroups if you want.

    All that said, even with Admin permissions, never make someone you don't trust an Admnistrator- Once they have *any* Admin CP access a malicious user could cause serious trouble. The Admin permissions are to keep honest people honest as the saying goes.

    Leave a comment:


  • McGyver
    replied
    Originally posted by DF031 View Post
    Ok let me re-phrase. Why would changing the usergroup settings for admins increase security? Any admin can undo those setting and then do his or her bad things.
    I presume Zachery means to properly set the administrator permissions by declaring a "lead administrator" in config.php and then configuring the rest of administrators' permissions.

    Leave a comment:


  • user-1231235234532
    replied
    Ok let me re-phrase. Why would changing the usergroup settings for admins increase security? Any admin can undo those setting and then do his or her bad things.

    Leave a comment:


  • Zachery
    replied
    Only install plugins? You mean only add php code that can be executed everywhere and anywhere to do anything you want. Plugins allow raw php code to be executed in vBulletin.

    Most administrator functions, have ways of being malicious if they're used as such.

    Leave a comment:


  • user-1231235234532
    replied
    Thanks Zachery,

    Admins can only install plugins anyway, but they are also the only ones that can change the settings you mentioned. So what good is it to follow this VB recommendation ? Or am I missing something ?

    Leave a comment:


  • Zachery
    replied
    AdminCP > Usergroups > Administrator permissions.

    The honest fact is, that you shouldn't give anyone admin access, unless you trust them with your entire site. Doubly so for ftp access.

    Leave a comment:


  • Do not give anyone plugin / product management access

    Hi all,

    VB recommends
    Do not give anyone plugin / product management access
    How do I do that ?

Related Topics

Collapse

Working...
X