Well, there's nothing that says a) the admin account has to keep the same name, in fact I recommend changing the username just on general principle; b) the admin account has to be UID 1; c) there is only one admin account; d) some random yahoo couldn't make a user account called "site admin" anytime he wanted. If you wanted you could demote UID 1 to a regular user and promote a different user to admin. (But in the other order... always make sure at least one account is superuser unless you like mucking about in mysql directly!) There is no prevention in terms of searching for the entire list of users. Just as there is no prevention of searching and returning every comment or every story - in fact those are rather handy features to quickly find the most recently posted comments, for example. Given that a lot of software not only doesn't hide which accounts are the admin accounts but advertise it beside their username on every comment they make, I'm curious to know what benefit hiding the name of the admin account would provide. -janra On Wed, 20 Feb 2008 23:03:12 -0500, Steve Baetz wrote: > I noted a method in the list archives about using the Search function and > using a Find: Users with a blank string. > > Problem I see here is that this could reveal the admin account to someone > who may be looking for it. Question is how do you prevent users from > searching for the entire list of users on the site? > > Though the admin account could be obfuscated by a different name, this is by > no means an effective security measure. > > Thanks. > Steve > _______________________________________________ > Scoop-help mailing list > Scoop-help at lists.kuro5hin.org > http://lists.kuro5hin.org/mailman/listinfo/scoop-help