This repository has been archived by the owner on Feb 23, 2020. It is now read-only.

Authenticated user can register any other user #199

Open
onetoomany opened this issue Oct 3, 2019 · 2 comments

Comments

@onetoomany

To me, this is a security issue, as a standard user can use the registration form to identify who else is a user of the site. There appears to be no way I can restrict an ordinary user to be able to register only themselves; instead, every user gets the option of
image

When they select Change, they get the autofill text box for any website user. This enables a user to list out who all the other users of the site are.
image
(ignore the "plain text field" text box - that's just me trying to sort something else out)

@JobotBobica

The issue is in your security roles. I have a setup where you can sign up only yourself and can't see other users. I bet it is the permission to view other users.

@onetoomany
Author

Hi JobotBobica,

I assume you mean Permissions>User>View User Information
It's not ticked for the generic user - only the admin can see others there. The standard user pretty much has nothing ticked except RNG>Register Self
