You are here

Home » API reference » Paranoia 7

README.txt in Paranoia 7

Same filename and directory in other branches
  1. 8 README.txt
  2. 6 README.txt
Description:
===========
Paranoia module is for all the sysadmins out there who think that
allowing random CMS admins to execute PHP of their choice is not
a safe idea.

What it does:
=============
- Disable the PHP module.
- Disable granting of the "use PHP for block visibility" permission.
  Save the permissions form once to remove all previous grants.
  (An error appears in the site status report if a role still has this
  permission.)
- Disable granting to Anonymous or Authenticated any permission that is
  marked "restrict access" in a module's hook_permission.
- Disable granting several permissions from popular contribs that are not
  marked as "restrict access" but are still important.
- Remove the PHP and paranoia modules from the module admin page.
- Provides a hook to let you remove other modules from the module admin page.


Using the feature to scramble the password for stale accounts
=============================================================
Paranoia includes a feature to scramble the password of an account that has not
logged in for a while. This feature uses a queue so that it can scalably handle
scrambling the password of thousands of accounts. The "scramble" does not set a
new password. It sets the password to an invalid string which will
always fail when compared to any user input. To use this feature:

1. Navigate to /admin/config/system/paranoia to configure how many days an
   account must be inactive before it's password will be scrambled. Also
   choose whether or not to email users letting them know their password was
   reset.

2. Use the Drush command to queue up accounts to be marked as stale:

  drush -v paranoia-reset-stale-accounts

3. Run the queue to process the stale expirations:

  drush -v queue-run paranoia_stale_expirations

Using the -v option on drush will show extra information about the operations.

You can also let cron handle processing the queue, though that may take a long time.

NOTE on disabling:
=====
The only way to disable paranoia module is by changing its status in the
database system table.  By design it does not show up in the module
administration page after it is enabled.

You can disable it with a database query:
UPDATE system SET status = 0 WHERE name = 'paranoia';

Or you can disable it with drush:
drush dis paranoia

Support
=======
View current issues:
http://drupal.org/project/issues/paranoia
Submit a new issue:
http://drupal.org/node/add/project-issue/paranoia

Development
===========
All development happens in branches like 7.x-1.x and 6.x-1.x

Maintainers
======
Gerhard Killesreiter
Greg Knaddison @greggles

File

README.txt
View source 
  1. Description:

  2. ===========

  3. Paranoia module is for all the sysadmins out there who think that

  4. allowing random CMS admins to execute PHP of their choice is not

  5. a safe idea.

  6. 

  7. What it does:

  8. =============

  9. - Disable the PHP module.

  10. - Disable granting of the "use PHP for block visibility" permission.

  11.   Save the permissions form once to remove all previous grants.

  12.   (An error appears in the site status report if a role still has this

  13.   permission.)

  14. - Disable granting to Anonymous or Authenticated any permission that is

  15.   marked "restrict access" in a module's hook_permission.

  16. - Disable granting several permissions from popular contribs that are not

  17.   marked as "restrict access" but are still important.

  18. - Remove the PHP and paranoia modules from the module admin page.

  19. - Provides a hook to let you remove other modules from the module admin page.

  20. 

  21. 

  22. Using the feature to scramble the password for stale accounts

  23. =============================================================

  24. Paranoia includes a feature to scramble the password of an account that has not

  25. logged in for a while. This feature uses a queue so that it can scalably handle

  26. scrambling the password of thousands of accounts. The "scramble" does not set a

  27. new password. It sets the password to an invalid string which will

  28. always fail when compared to any user input. To use this feature:

  29. 

  30. 1. Navigate to /admin/config/system/paranoia to configure how many days an

  31.    account must be inactive before it's password will be scrambled. Also

  32.    choose whether or not to email users letting them know their password was

  33.    reset.

  34. 

  35. 2. Use the Drush command to queue up accounts to be marked as stale:

  36. 

  37.   drush -v paranoia-reset-stale-accounts

  38. 

  39. 3. Run the queue to process the stale expirations:

  40. 

  41.   drush -v queue-run paranoia_stale_expirations

  42. 

  43. Using the -v option on drush will show extra information about the operations.

  44. 

  45. You can also let cron handle processing the queue, though that may take a long time.

  46. 

  47. NOTE on disabling:

  48. =====

  49. The only way to disable paranoia module is by changing its status in the

  50. database system table.  By design it does not show up in the module

  51. administration page after it is enabled.

  52. 

  53. You can disable it with a database query:

  54. UPDATE system SET status = 0 WHERE name = 'paranoia';

  55. 

  56. Or you can disable it with drush:

  57. drush dis paranoia

  58. 

  59. Support

  60. =======

  61. View current issues:

  62. http://drupal.org/project/issues/paranoia

  63. Submit a new issue:

  64. http://drupal.org/node/add/project-issue/paranoia

  65. 

  66. Development

  67. ===========

  68. All development happens in branches like 7.x-1.x and 6.x-1.x

  69. 

  70. Maintainers

  71. ======

  72. Gerhard Killesreiter

  73. Greg Knaddison @greggles