Project: http://drupal.org/sandbox/cloakedcode/1164190
User knock emulates "port knocking" by disabling the superuser (uid 1) account when they log out. In order to log into the account, a "secret knock" must first happen. This knock is provided in Configuration -> User knock as a URL with a generated key. Once that URL has been visited, the superuser account is activated and login proceeds as normal.
This reduces the chances of the superuser's password being bruteforced, as the account is disabled until the knock.
Comments
Comment #1
joachim commented
Interesting idea, but please run your code through Coder module's review system.
This path could clash with those created by pathauto:
Comment #2
dave reid
Pathauto by default uses the pattern 'users/[user:name]' so that it doesn't conflict with existing system 'user/*' paths.
Comment #3
rolf vreijdenberger commented
Nice idea.
The inherent danger in this module is this (and this should be fixed imo):
1. superuser logs in
2. installs knock module
2.1 *should visit config page to get knock parameter*, but doesn't
3. logs out -> ouch...
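The knock mechanism from the project description, together with one possible guard against the lockout sequence in comment #3, as an added PHP example that is not the module's own code. It uses plain PHP with no Drupal APIs; the `KnockGate` class, its methods and its in-memory state are hypothetical, and the guard (refusing to disable the account until a key has been handed out) is an assumption, not a description of how the module behaves.

```php
<?php
// Added example: plain PHP, no Drupal APIs. KnockGate and its members are hypothetical.
final class KnockGate
{
    private ?string $keyHash = null;      // only a hash of the knock key is kept
    private bool $keyDelivered = false;   // true once the key was shown or e-mailed
    private bool $superuserActive = true; // stands in for the uid 1 status flag

    // Generate a fresh knock key; the caller embeds it in the knock URL.
    public function issueKey(): string
    {
        $key = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
        $this->keyHash = hash('sha256', $key);
        $this->keyDelivered = true;
        return $key;
    }

    // Superuser logout: disable the account, unless nobody holds a key yet.
    public function onLogout(): bool
    {
        if (!$this->keyDelivered) {
            return false; // assumed guard: never lock with no way back in
        }
        $this->superuserActive = false;
        return true;
    }

    // Knock URL visited: compare in constant time, then re-enable the account.
    public function knock(string $presented): bool
    {
        if ($this->keyHash === null
            || !hash_equals($this->keyHash, hash('sha256', $presented))) {
            return false;
        }
        $this->superuserActive = true;
        return true;
    }

    public function isSuperuserActive(): bool { return $this->superuserActive; }
}

// Constructed walk-through of the sequence from comment #3 and a normal knock.
$gate = new KnockGate();
$lockedEarly = $gate->onLogout();    // logout before any key was issued
$key = $gate->issueKey();            // admin visits the config page
$locked = $gate->onLogout();         // logout with a key in hand
$badKnock = $gate->knock('guess');   // wrong key
$goodKnock = $gate->knock($key);     // correct key
var_dump($lockedEarly, $locked, $badKnock, $goodKnock, $gate->isSuperuserActive());
```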
Comment #4
cloakedcode commented
I have reviewed the code with the Coder module and corrected the errors it reported. Additionally, it is now possible to get the "secret knock" emailed to the super user by clicking on the "Send Knock" tab displayed on /user. Enter the username/email of the super user and they will receive an email with the knock in it, very similar to resetting a password.
Comment #5
ralt commented
Hello,
The feature this module offers is a great idea!
You should just add some @file comments at the beginning of your files.
Except for this, the module's code looks great.
Comment #6
cloakedcode commented
Thanks!
I have done as you suggested, and added more comments to explain the functions.
Comment #7
ccardea commented
Sorry that this project was apparently abandoned by the other reviewers.
There are no licensing issues.
I have not found any module duplication issues.
The author appears to have a good understanding of Drupal APIs, and is now following coding standards and documentation.
I did not find any security issues.
Everybody seems to like the idea, and all issues raised have been addressed.
Comment #8
avpaderno