On 18 May 2018, at 9:35, Thomas Mortagne wrote: > On Thu, May 17, 2018 at 10:10 PM, Kwan Kim <[email protected]> wrote: >> 2. No controls for Account Creation >> The vulnerability test team think it is too easy to create new account >> Is there any way that new account need to get approval from admin user ? > Its possible to disable registration and let admins create accounts > but I don't think there is any support for admin validation of self > registered users (but it's possible I missed it).
I think that breaking the activation mail reaches that (e.g. prevent mails, remove the link from the validation mail content) and let admins act after they are requested by email. paul
signature.asc
Description: OpenPGP digital signature
