Posted by thedavidmeister on February 8, 2013 at 8:47am
3 followers
Jump to:
| Project: | Drupal core |
| Version: | 8.x-dev |
| Component: | install system |
| Category: | feature request |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | closed (cannot reproduce) |
Issue Summary
Seems like a straightforward and simple added security measure to not make user 1 always have the same username, especially a username that other CMS systems share as a default.
Even just prepending/appending "admin" with something specific to each installation, like a "machine name" version of the site name or something during site installation would automatically foil the majority of cursory hacking attempts by bots.
Comments
#1
Installing Drupal (at least on Drupal 8) through the interactive installer leads to a screen where you setup the "Site Maintenance Account." You have to choose a username for User 1, and it's not pre-filled to admin. So are you suggesting disallowing 'admin' as a choice for the user 1 username?
#2
I for one almost exclusively use Aegir for development and almost never see the interactive installer.
I'm suggesting that when I don't use the interactive installer I don't end up with "admin".
#3
I think this only occurs in Aegir, is set "admin" by default.
#4
is that right? well I'll follow up over there then. Mind if I leave this ticket open until i can confirm/deny that?
#5
drush si is admin user by default, but I think that is a drush thing.
using the interactive install, there is no default username.