Updated Hardening Guide (markdown)
parent
2a2dc2bad1
commit
6db174db22
|
@ -4,7 +4,7 @@ The subsections below cover hardening related to vaultwarden itself.
|
||||||
|
|
||||||
## Disable registration and (optionally) invitations
|
## Disable registration and (optionally) invitations
|
||||||
|
|
||||||
By default, vaultwarden allows any anonymous user to register new accounts on the server without first being invited. While this is not necessary if you have access to the admin page, this is useful if you're the first user on the server and is recommended that you disable it in the admin panel (if the admin panel is enabled) or [[with the environment variable|Disable-registration-of-new-users]] to prevent attackers from creating accounts on your vaultwarden server.
|
By default, vaultwarden allows any anonymous user to register new accounts on the server without first being invited. While this is not necessary if you have access to the admin page, this is useful if you're the first user on the server and it's recommended that you disable it in the admin panel (if the admin panel is enabled) or [[with the environment variable|Disable-registration-of-new-users]] to prevent attackers from creating accounts on your vaultwarden server.
|
||||||
|
|
||||||
vaultwarden also allows registered users to invite other new users to create accounts on the server and join their organizations. This does not pose an immediate risk (as long as you trust your users), but it can be disabled in the admin panel or [[with the environment variable|Disable-invitations]].
|
vaultwarden also allows registered users to invite other new users to create accounts on the server and join their organizations. This does not pose an immediate risk (as long as you trust your users), but it can be disabled in the admin panel or [[with the environment variable|Disable-invitations]].
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue