mahara-contributors team mailing list archive

Thread
Date

[Bug 868591] Re: Creating a Super Administrator User

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: Mario Stevenson <868591@xxxxxxxxxxxxxxxxxx>
Date: Thu, 06 Oct 2011 18:47:24 -0000
Reply-to: Bug 868591 <868591@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Because of this security hole, I have rescinded the use of Mahara, and
chosen Tikiwiki. I appreciate the time.

Thank you

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/868591

Title:
  Creating a Super Administrator User

Status in Mahara ePortfolio:
  Triaged

Bug description:
  Hi,

  One of the issues I have seen when creating multiple admins in
  platforms from Joomla to Wordpress is administrative lockouts caused
  by administrative errors( or administrative lockouts.) Of course, we
  learn to use the administrator account for installation only, and then
  create another admin user. Here is the problem with Mahara:

  Once an admin is created...there's no root admin!

  Each admin has the same rights and privileges. This can lead to an
  admin hijacking the entire platform!

  I was able to do this to myself in testing to see if it can be done.

  Please examine administrative rights and permissions schema's similar
  to Drupal or Tikiwiki.

  Thank you!

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/868591/+subscriptions