Closed (cannot reproduce)
Project:
Drupal core
Version:
8.0.x-dev
Component:
install system
Priority:
Normal
Category:
Feature request
Assigned:
Unassigned
Reporter:
Created:
8 Feb 2013 at 08:47 UTC
Updated:
29 Jul 2014 at 21:52 UTC
Seems like a straightforward and simple added security measure to not make user 1 always have the same username, especially a username that other CMS systems share as a default.
Even just prepending/appending "admin" with something specific to each installation, like a "machine name" version of the site name or something during site installation would automatically foil the majority of cursory hacking attempts by bots.
Comments
Comment #1
rbayliss commentedInstalling Drupal (at least on Drupal 8) through the interactive installer leads to a screen where you setup the "Site Maintenance Account." You have to choose a username for User 1, and it's not pre-filled to admin. So are you suggesting disallowing 'admin' as a choice for the user 1 username?
Comment #2
thedavidmeister commentedI for one almost exclusively use Aegir for development and almost never see the interactive installer.
I'm suggesting that when I don't use the interactive installer I don't end up with "admin".
Comment #3
josevitalsoutoI think this only occurs in Aegir, is set "admin" by default.
Comment #4
thedavidmeister commentedis that right? well I'll follow up over there then. Mind if I leave this ticket open until i can confirm/deny that?
Comment #5
yesct commenteddrush si is admin user by default, but I think that is a drush thing.
using the interactive install, there is no default username.