kutt
Disable user signup by default
Was rather shocked to find that user signup in env is true by default.
Clear security issue.
It should be disallowed by default.
And some warning about user signup being enabled should be displayed.
If a system allows open multiple users, really there should be an admin user who can check other users and disable/delete/block.
Kinda poor that I have to do a postgres terminal query to show user table and delete manually.
Disabling user signup by default is a sensible default.
However, the app currently does not have dedicated admins. So it makes sense to have it on by default. Once the user creates his/her account, they can disable it.
It will be reasonable to show some warning in the documentation though.
It also has to be noted that some people may want to operate a public URL shortener. So showing an error on the app isn't going to cut it.