'Founder' account

  • The forums usually have more than one administrator. Now the administrators (according to the permissions they have) can ban, delete or edit other admins.


    In my opinion a 'founder' account should exist. The founder creates the forum and can never be banned or deleted, and only the founder can edit his data (nick and email).


    If the founder wants to transfer the account to another person, he may do so by editing the account data.


    It's a security measure used in other forums and I think it is a very good idea. It is a very simple measure to protect a forum, and it can avoid many problems. Security in all aspects is very important.

  • You shouldn't give access to users you don't trust. So normally it is not needed in my opinion.


    Trust is broken at the least expected moment. ;)


    Computer security should not be based on human trust; it should only be based on the technical means to avoid it. We are not talking about human relationships, we are talking about forum (web application) security.

  • Install the board, rename the admin group to "Founders" and create a new admin group with administrative rights that does not have the right to edit the "Founders" group.


    What you want is easily achieved with the existing system.

    "A life is like a garden. Perfect moments can be had, but not preserved, except in memory. LLAP" — Leonard Nimoy

  • ...and don't permit the general administrative group to create a new group, otherwise they could create a new group with all permissions.


    I know this is a way to regain the privileges and is the main reason for this suggestion.


    When you install the software you have to create an administrator account in the installation process. Is it not easier for inexperienced users to convert this account into 'founder' and protect this account automatically?


    Perhaps the inexperienced user does not have notions about security or has not thought that something bad can happen. A neglect or error in permissions can have bad consequences for the user/client.


    We can make security easy or complicated for users, but easy is always better.

  • You can't protect people from bad judgement or human error.


    If you promote someone to admin, you give him full access to your board. That is your decision. If you don't want that, you can create user groups with administrative rights, but some other restrictions.


    There is no need for an artificial, hard-coded "founder" account. Ownership might change, there might be more than 1 admin who should have all the rights and so on. The current system allows you to create your own solution based on your own needs. It is with this software as with everything else: When security comes into play: Think! Not thinking will never be secure.


  • You can't protect people from bad judgement or human error.


    I do not want to protect people from all their errors, I only want to establish simple and effective security measures.


    Ownership might change, there might be more than 1 admin who should have all the rights and so on.


    The 'founder' account allows all that. It only protects the 'founder' from 'bad admins'. There may be more admins and they can have all rights, but they can never edit, ban or delete the founder.


    As I explained earlier, if the founder wants to transfer the account, you just have to change the data of the founder account and put in the data of the other person. Or transfer the founder status (in phpbb this is done through a checkbox).


    The founder is not a user group, it is a single person. It makes no sense to make a user group if the protection can be added by default.


    In many software products, not only in forum software, there are founder or superadmin accounts to always have the system under control.


    It may seem unnecessary to you, but for example the phpbb community has been using it as a security measure for a long time.

  • Seems to me that renaming the current "Administrator" group to "Super Administrators" and introducing a new group named "Administrators" that cannot edit the super admins would be a far more practical approach than adding a new "founder" status or else.


    That would offer the same protection as you described while still keeping the current system intact. But still, I don't really see the need for that. You can enable the master password that protects some of the extremely critical areas of the ACP (Modules -> Enable master password).

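
The two approaches discussed in this thread, as an added example that is not from any poster or from the forum software itself: a toy Python permission model comparing the renamed-group setup, the group-creation path back to full rights mentioned above, and a hard-coded founder flag. All user names, group names and permission strings are hypothetical.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Board:
    groups: dict = field(default_factory=dict)    # group name -> set of permission strings
    members: dict = field(default_factory=dict)   # user -> set of group names
    founder: Optional[str] = None                 # hypothetical hard-coded founder flag

    def perms_of(self, user):
        return set().union(*(self.groups[g] for g in self.members[user]))

    def create_group(self, actor, name, perms):
        # Assumption: whoever may create groups may choose the new group's permissions.
        if "create_group" not in self.perms_of(actor):
            raise PermissionError(f"{actor} may not create groups")
        self.groups[name] = set(perms)
        self.members[actor].add(name)

    def can_ban(self, actor, target):
        if target == self.founder:                # invariant checked before any group permission
            return False
        needed = {f"manage:{g}" for g in self.members[target]}
        return needed <= self.perms_of(actor)

def build_board(admins_may_create_groups, founder_flag):
    """'Founders' is the renamed admin group; 'Administrators' lacks manage:Founders."""
    admin_perms = {"manage:Members"}
    if admins_may_create_groups:
        admin_perms.add("create_group")
    return Board(
        groups={"Founders": {"manage:Founders", "manage:Administrators",
                             "manage:Members", "create_group"},
                "Administrators": admin_perms, "Members": set()},
        members={"owner": {"Founders"}, "alice": {"Administrators"}},
        founder="owner" if founder_flag else None,
    )

def admin_can_ban_owner(board):
    """Check whether an ordinary admin ends up able to ban the owner after trying to add a group."""
    try:
        board.create_group("alice", "Shadow", {"manage:Founders"})
    except PermissionError:
        pass
    return board.can_ban("alice", "owner")
```

The group-only setup holds only while the restricted admin group also lacks group creation; the founder flag holds regardless of how the groups are configured.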