Authenticated user can register any other user

Open onetoomany opened this issue 6 years ago • 2 comments

To me, this is a security issue, as a standard user can use the registration form to identify who else is a user of the site. There appears to be no way I can restrict an ordinary user to be able to register only themselves; instead, every user gets the option of [image]

When they select Change, they get the autofill text box for any website user. This enables a user to list out who all the other users of the site are. [image] (ignore the "plain text field" text box - that's just me trying to sort something else out)

onetoomany, Oct 03 '19 20:10

The issue is in your security roles. I have a setup where you can sign up only yourself and can't see other users. I bet it is the permission to view other users.

JobotBobica, Nov 12 '19 20:11

Hi JobotBobica,

I assume you mean Permissions>User>View User Information. It's not ticked for the generic user - only the admin can see others there. The standard user pretty much has nothing ticked except RNG>Register Self.

onetoomany, Nov 15 '19 21:11