@mattab opened this Issue on September 30th 2014 Owner

A Super User has a lot of power and with it comes a lot of responsibility. The goal of this issue is to create a new config setting eg. secure_mode that is disabled by default. When enabled it will limit some of the powers of Super Users.

In particular it will prevent:

  • uploading custom plugin via .zip upload
    • create a new config setting for this
  • installing plugin from the marketplace
    • set config setting: enable_marketplace=0
  • Super User seeing other users token_auth
    • set config setting in #6346

Possibly there are other insecure items that a Super User could do that we want to limit in the secure mode?

Powered by GitHub Issue Mirror