Closed (won't fix)
Project:
Drupal core
Version:
6.x-dev
Component:
user.module
Priority:
Normal
Category:
Bug report
Assigned:
Unassigned
Issue tags:
Reporter:
Created:
21 Jan 2009 at 16:27 UTC
Updated:
8 May 2013 at 14:54 UTC
When adding an access rule there is nothing to trace it back. No logentry or watchdog is added, while it should.
We launched our website redesign in Drupal 6.3, containing exploit vulnerability we patched a week later. However, someone took use of the exploit and injected malicious data, denying access to a Googlebot. This passed by unnoticed, so after we upgraded to D6.4 the problem wasn't solved. So, we were unable to trace back when this happened.
I vote for this being logged, I reckon this option should only be accessible to site-admins and traceable.
Comments
Comment #2
multiplextor commentedClosed. The reason: expired.