Do Not Use "admin" as a Username

Perhaps the most critical component of a Drupal site's security is the user login. For a login attack to be successful, the attacker must guess both the username and its password -- usually an impossible feat. But if the username can be easily guessed, that reduces the potency of this key security barrier. Far too many Drupal sites have "admin" as a username. Even worse, this is typically not a username assigned to a user who only has permissions for relatively innocuous capabilities, such as commenting on articles. Instead, that username is oftentimes chosen by the site developer for use by the site administrator working within the organization that owns the site. Worst of all is when "admin" is chosen as the name for the site's superuser (user/1).

An advisable security practice is to never use "admin" or any other easily guessable username, particularly for the superuser and any other users that have powerful administrative permissions. You can -- and in most cases should -- create a role named "admin", and then create a user account for the site administrator, apart from the superuser, and assign that new account to the admin role. This allows for multiple administrator accounts, each with a unique name.

Attackers use all sorts of clues to try to guess valid username/password combinations. Don't make it easy for them!

Thanks to Michael J. Ross for today's DrupalEasy Quicktip!
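
One way to audit an existing site for this practice, as an added example that is not part of the original Quicktip or any DrupalEasy code. It runs against constructed data that uses Drupal 7 table names (`users`, `users_roles`, `role_permission`); the `GUESSABLE` and `POWERFUL` lists and all function names are assumptions chosen for illustration.

```python
import sqlite3

# Assumption: illustrative list of easily guessed names; extend it for your site.
GUESSABLE = {"admin", "administrator", "root", "webmaster", "drupal"}
# Assumption: permissions this audit treats as "powerful".
POWERFUL = ("administer users", "administer permissions",
            "administer site configuration")

def privileged_accounts(db):
    """Active accounts that are user/1 or hold a role granting a powerful permission."""
    marks = ",".join("?" * len(POWERFUL))
    return db.execute(f"""
        SELECT u.uid, u.name FROM users u
        WHERE u.status = 1 AND (u.uid = 1 OR EXISTS (
            SELECT 1 FROM users_roles ur
            JOIN role_permission rp ON rp.rid = ur.rid
            WHERE ur.uid = u.uid AND rp.permission IN ({marks})))
        ORDER BY u.uid""", POWERFUL).fetchall()

def guessable_admins(db):
    """Privileged accounts whose name is on the guessable list (case-insensitive)."""
    return [(uid, name) for uid, name in privileged_accounts(db)
            if name.strip().lower() in GUESSABLE]

def sample_db():
    """Constructed data; tables are trimmed to the columns the audit needs."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (uid INTEGER PRIMARY KEY, name TEXT, status INTEGER);
        CREATE TABLE users_roles (uid INTEGER, rid INTEGER);
        CREATE TABLE role_permission (rid INTEGER, permission TEXT);
        -- uid 4 has a guessable name but only an innocuous permission;
        -- uid 5 is blocked (status 0), so it cannot log in.
        INSERT INTO users VALUES (1,'admin',1), (2,'Administrator',1),
            (3,'k.okafor-ops',1), (4,'webmaster',1), (5,'root',0);
        INSERT INTO users_roles VALUES (2,3), (3,3), (4,4), (5,3);
        INSERT INTO role_permission VALUES (3,'administer users'),
            (3,'administer permissions'), (4,'post comments');
    """)
    return db

if __name__ == "__main__":
    for uid, name in guessable_admins(sample_db()):
        print(f"rename uid {uid}: '{name}' is guessable and privileged")
```

On a live site, point the same query at a read-only database connection instead of `sample_db()`.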
