You can disable invitations on first creation of the docker container if you specify an admin key and use the admin panel to send an invite.

2021-03-03 14:36:57 -05:00 · 2021-03-03 14:36:57 -05:00 · e1bb0d293b
parent 4b9dedbfaa
commit e1bb0d293b
1 changed files with 1 additions and 1 deletions
--- a/Hardening-Guide.md
+++ b/Hardening-Guide.md
@ -4,7 +4,7 @@ The subsections below cover hardening related to bitwarden_rs itself.

 ## Disable registration and (optionally) invitations

-By default, bitwarden_rs allows any anonymous user to register new accounts on the server without first being invited. This is necessary to create your first user on the server, but it's recommended that you disable it in the admin panel (if the admin panel is enabled) or [[with the environment variable|Disable-registration-of-new-users]] to prevent attackers from creating accounts on your bitwarden_rs server.
+By default, bitwarden_rs allows any anonymous user to register new accounts on the server without first being invited. While this is not necessary if you have access to the admin page, this is useful your first user on the server and is recommended that you disable it in the admin panel (if the admin panel is enabled) or [[with the environment variable|Disable-registration-of-new-users]] to prevent attackers from creating accounts on your bitwarden_rs server.

 bitwarden_rs also allows registered users to invite other new users to create accounts on the server and join their organizations. This does not pose an immediate risk (as long as you trust your users), but it can be disabled in the admin panel or [[with the environment variable|Disable-invitations]].