General discussion

To continue a thread that was apparently started during DrupalCon over a few beers, I would like to discuss redesigning the distributed authentication system that drupal uses. One of the proposals that I favor is this one:

http://alec.bohemiandrive.com/perm/2005/02/18/distributed-authentication

The drupal-devel thread that started this discussion:

http://lists.drupal.org/archives/drupal-devel/2005-03/msg00708.html

I'll start with why the current design doesn't work very well for me.

My primary problem with it is that you (the user) have to trust the site that you're logging into using your remote server as an identity authority. You must trust that it is not logging your cleartext password anywhere for malicious purposes. This is a psychological barrier to using this technique in a widespread way. Especially considering the whole purpose of this is that you can go to some random drupal site and enter your local (say drupal.org) username/password to register. If I'm just now registering on a site, then I probably don't know enough about the site to say whether I should trust it or not.

My second problem is that the server that your logging into is sending your password to drupal.org (or your auth server) unencrypted. What this means is that any machine on the network between this server and drupal.org could sniff your username and password on drupal.org. It would be fairly easy to step into the middle of the communication line and either take over or listen in on this interaction. If a particularly popular site were targeted, many identities could be compromised this way.

Hi

I like the Drupal design very much. I already use xoops for my homepage, and I have a lot of users. Is it possible to convert the database from xoops to Drupal ?

For the life of me, I can't get clean URLs to work. I've searched extensively and can't find a topic here or elsewhere that resolves the problem.

I've set up Drupal, Apache, PHP, and MySQL on my machine here in the office in order to create an office intranet. When I choose to enable Clean URLs, I get a "Not Found" error.

I'm running on an XP Pro machine, using Apache 2.054.

The base URL for the Drupal site is http://localhost/vbcintranet. I've run the following script:

print_r(apache_get_modules());

to test that mod_rewrite is properly loaded on the server, and it shows it available.

My .htaccess file contains the following in the Rewrite section:

# Various rewrite rules
<IfModule mod_rewrite.c>
  RewriteEngine on

  # Modify the RewriteBase if you are using Drupal in a subdirectory and the
  # rewrite rules are not working properly:
  RewriteBase /vbcintranet/

  # Rewrite old-style URLS of the form 'node.php?id=x':
  #RewriteCond %{REQUEST_FILENAME} !-f
  #RewriteCond %{REQUEST_FILENAME} !-d
  #RewriteCond %{QUERY_STRING} ^id=([^&]+)$
  #RewriteRule node.php index.php?q=node/view/%1 [L]

  # Rewrite old-style URLs of the form 'module.php?mod=x':
  #RewriteCond %{REQUEST_FILENAME} !-f
  #RewriteCond %{REQUEST_FILENAME} !-d
  #RewriteCond %{QUERY_STRING} ^mod=([^&]+)$
  #RewriteRule module.php index.php?q=%1 [L]

  # Rewrite URLs of the form 'index.php?q=x':
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]
</IfModule>

It's essentially the default .htaccess, with only one change: I have played with various options for the RewriteBase directive, thinking it made sense that that might be the problem, but to no avail.

I'm not a programmer (I know enough to be dangerous), and would really appreciate some leads on how to get this functioning.

Thanks,
Mark

Team,

I am totally new to Drupal. I am a developer using java, bea weblogic and oracle. I heard that drupal is quick and easy to create some websites. I downloaded drupal-4.5.2. Can anybody guide me what need to be done next?

1. How to use drupal?
2. Want to know how to use the demo at the following site:
http://opensourcecms.com/index.php?option=content&task=view&id=132

Hi everybody,

I'm not yet deep into drupal - I'll probably study it next week,
so i'm here to ask a probably simple question.

Is there an easy way to separate article from its comments?

In forum the original post and its comments have identical visual "weight", but for stories I would like to make very apparent the differences from article and its comments, perhaps even separated at all (comments in a popup window).

Thanks for your attention, and please me for my english (for this message and the following).

Ghibli

K fellow Drupal users.... I'm so at my wit's end.

I'm trying to get a website up and running daily for a business I've been wanting to launch now since October.
I'm finding myself from Drupal 4.4 to current between two websites, dancing around with fixes, patches, etc to get parts working to how I need customized for my needs in alignment with my business focus. I initially upgraded from 4.4 to 4.5 because of the functionality that its modules contained that 4.4 didn't have to offer so I HAD to upgrade at that time AND have been happy for the most part besides the pressure I put on myself to get things customized just right.

I'm at the computer probably a good 10 hours a day trying to log my changes, wait for feedback on issues from my fellow drupallers, while creating content, etc... and then now most issues seem to be about more and more improvement focusing towards 4.6. I totally agree and am FOR that vision of achieving perfection in workability especially with php 5.0 demands, etc. Still, I want what 4.5 has to offer so I can start my business now.

I don't want to upgrade to 4.6 if I don't have to thus far (did with one of my sites and that was a day of policing sections that didn't upgrade properly) - so with 4.5 modules currently, and I know that many are not core items as they are just contributed, but can we not lose the focus that some people do want for certain versions to remain as they are and not upgrade until they have to?