document philosophy/roadmap

I think the philosophy of: "Don't trust the admins" really succinctly explains almost all features of the module.

In terms of purposes:

Block super destructive features present in Drupal core/contrib (like the ability to execute PHP)
Maybe outright prevent installation of some dangerous modules (anything that relies on bad judgement is a good tip off
Track (log) actions which might be useful for a forensic review of what happened on a site

Anything else?

Comments

coltrane’s picture

Comment #1

he/him

commented 24 September 2010 at 15:42

"Don't trust the admin" -> Don't trust the admin(s) ?

Security Review has a mechanism for defining "trusted" roles. Is it worth defining admin roles and extending the meaning here?

Log in or register to post comments

Comment #1.0

he/him

English

Denver, Colorado, USA

commented 24 April 2012 at 23:05

Issue summary:

s

Log in or register to post comments

Comment #2

he/him

English

Denver, Colorado, USA

commented 26 January 2015 at 16:34

Issue summary:	View changes
Status:	Active	» Fixed

After 2+ years with no feedback I guess this is agreed.

Log in or register to post comments

Comment #3

9 February 2015 at 16:34

Status:

Fixed

» Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.

Log in or register to post comments