I am wondering what the best practices are for creating non-loggable accounts. On StackOverflow, there is a Community Wiki account that I'm assuming can't be logged into.
How should I go about scripting for non-loggable accounts? If there is an account that I don't want to be accessible, should I set parameters like you can't log into accounts with IDs less then 0? Or should I just manually define the IDs that cannot be logged into in the configuration ID? or is there a better way?
To me you should use a flag in the account data, in order to set or revoke the logging capability.
This capability can be enforced with a query at sql level quite easily.
A query like:
select wathever from user where loggging=1 and user="aUser" and passwd="password"
can do the trick.
Answering your comment: Maybe using a colum appears not efficent to you but you have to consider the pro:
You have the information about your users in a single layer, not scattered around beetween database, configuration files, or wathever
You can revoke or grant the logging capability to any account without having to modify configuration files