Admin Role Major Changes
- The Admin role should never be allowed to add/edit/delete content.
- It is a Entity/Role not a person.
- If someone wants to add/edit/delete content to a site they must
register and then be given rights.
The "admin" is of course anonymous if >1 person is in admin role and
that is bad bad bad
- The => first time <= an admin logs on they MUST MUST MUST change the
password.
- Admin passwords like all passwords should have a setting of how often they
must be changed (weekly, monthly' quarterly) and the system must
enforce that.
AdminContent Role
A role called "AdminContent" should exist. That role can
add/delete/edit content and can see the "content admin" screens (tabs,
settings,logs/monitoring)that content people need to see. They cannot
manage users, see and edit DBs directly, etc.
Passwords!!!!
- All passwords should be validated against stronger rules to prevent
dictionary attacks. Mixture of numbers and punctuation etc. This
should not be possible to disable.
- rb_users
The password is in cleartext (DNN has same problem)
We need that encrypted strongly as soon as possible. When coded, 2
levels of password protection at least must exist: one encrypted weak
lyenough that we can send them passwords if they forget it, and one
taht is so strongly encryted we can reset password but it is
essentially 1-way.
- Regular accounts should have a setting of how often they must be
changed (weekly, monthly, quarterly, yearly, etc.) and the system must
enforce that.
Developer Role
A role called "Developer" must be created. They will at least be able
to see errors that are not the generic "this site is down for
maintenance".