I'm trying to find a way that allows me to create a separate drupal user id for logging in with from an alias that's posted on all posts and made public in either contact or private messaging forms or anywhere else a user id might normally be presented to anyone else but the user themselves on the site.

If i read your module description, it looks like your module creates additional logins while leaving the original one still valid for logins. I need to have a username or alias THAT IS ONLY FOR DISPLAY ON THE SITE TO UNAUTHENTICATED VIEWERS AND MEMBERS. THE KEY IS THAT THE ONLY ONE WHO SHOULD BE ABLE TO SEE THE ACTUAL USER ID FOR LOGIN IS ADMING AND THE USER THAT OWNS THE USER ID. Everyone else should never see another user's userid only their alias. And that alias should NOT be capable of a login?

Does that make sense? I get the feeling your module doesn't do that though. If it doesn't, why would somebody want an additonal userid if the original one is still visible and valid for logins. And do you have any suggestions for how i might make what i want a reality?

From a security standpoint, a separate userid from a public alias (that can not be used for login) for all other site access seems to make pretty good security sense.

As it stands right now, my contact and private messaging forms give logged in users access to all user ids, in my drupal 5.2 installation. I've created an alias field for the user id using profiles and have searched to find that there might be ways to change the theming to make userid "invisible" by replacing it with the user alias. But it looks like that user id isn't completely invisible in all places and i'm not sure i want to invest a lot of time implementing a solution that's only going to work 75%.

Also, wondering if you know if t's possible to set up ssl (basic apache certificate) and redirect all user login attempts to https on a drupal 5.2 site. It just occurred to me that all logins are in clear text. So if a site member knows the id of a fellow member, in theory it's that much easier to try a brute force attempt. and snooping doesn't help make that any safer.

thanks much

Comments

hunmonk’s picture

Component: Documentation » Miscellaneous
Status: Active » Closed (won't fix)

this post is far out of scope for this module -- it does nothing like what you want. i would suggest asking your questions in the #drupal-support IRC chatroom, or in the drupal.org forums.

why would somebody want an additonal userid if the original one is still visible and valid for logins

for the simple fact that you might want your full name displayed in all posts, but be able to login with another standard login name that you use elsewhere.

newdru’s picture

Could you at least answer part of the question?

Even if I can have a separate name for posts from the userid to login, i think your module still allows one to login with BOTH the userid AND the alias name right?

If the answer is no, i'd like to use your module.

If the answer is yes, i'm still not exactly sure what this buys you. because i can still login with the name i see in the posts right? In that case it doesn't offer you any login protection

hunmonk’s picture

you can log in with either the regular username, or the alternate login name.

the module was not designed to provide any login protection -- only to provide another username which you can use to log in to the site.