Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Administrator account: Where, when and how?

Tags:

php

asp.net

ruby-on-rails

Where, when and how to create the administrator account/user for a private website?

So what I am asking is what's the preferable technique for creating that first administrator account/user. In my case it's for a private webapplication. I am talking about the account/user that will own the application and will if needed create/promote the other administrators. I guess you can this guy the root user?

Here are a few ways I encountered in other websites/webapplication.

Installation wizard:
You see this a lot in blog software or forums. When you install the application it will ask you to create an administrator user. Private webapplication will most likely not have this.

Installation file:
A file you run to install your application. This file will create the administrator account for you.

Configuration files:
A configuration file that holds the credentials for the administrator account.

Manually insert it into a database:
Manually insert the administrator info into the database.

like image 962
Pickels Avatar asked May 15 '10 07:05

Pickels

1 Answers

When:

On a bootstrapping phase. Someone has suggested seeds.rb. I personally prefer to use the bootstrapper gem (with some addtions that allow me to parse csv files).

This action allows you to create a rake task which can be invoked like this:

rake db:bootstrap

This will create the initial admin user, as well as any seeding data (such as the list of countries, or a default blog format, etc). The script is very flexible. You can make it ask for a password, or accept a password parameter, if you feel like it.

How:

In all cases I use declarative_authorization in order to manage user permissions.

Your admin user must return a role called 'admin' (or whatever name you choose) on the list of roles attached to it. I usually have 1 single role per user, mainly because I can use role inheritance (e.g. admins are also editors by default). This means that on my database I've got a single field for users called "role_id". 0 is usually for the admin role, since it is the first one created.

Where:

A specific file inside db/bootstrap/users.rb (or yaml, or csv) specifies the details of a user with the admin role activated. The rake db:boostrap order parses that file and creates the user accordingly.

like image 109
kikito Avatar answered Sep 25 '22 01:09

kikito
Sign in to Comment

Related questions

How does PHP work - literature
Add a custom variable to an email header already within a gmail inbox
Hadoop application development, and PHP
PHP security question?
Enumerate registered namespaces of a PHP DOMDocument object
php memory how much is too much
PHP include() alternative?
Good Guide For Web App Security?
How to search a 'near word' in MySQL?
How to use the php fopen() correctly
php how to serialize array of objects?
phpUnderControl and CodeBrowser
Need help with nested atomic operations involving PDO transactions
How to parse a phpDoc style comment block with PHP?
Drupal CCK Date: how to set datetime field's default value to a fix date?
Which Code Should Go Where in MVC Structure
Superfish: How to keep sub menu open after it has been clicked
PHP unlink OR rewrite own/current file by itself
Testing for security vulnerabilities on web applications
phpunit command doesn't work for laravel 4 on windows 7

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!