@mattab opened this issue on September 30th 2014

A Super User has a lot of power and with it comes a lot of responsibility. The goal of this issue is to create a new config setting eg. secure_mode that is disabled by default. When enabled it will limit some of the powers of Super Users.

In particular it will prevent: - uploading custom plugin via .zip upload - create a new config setting for this - installing plugin from the marketplace - set config setting: enable_marketplace=0 - Super User seeing other users token_auth - set config setting in #6346

Possibly there are other insecure items that a Super User could do that we want to limit in the secure mode?

Powered by GitHub Issue Mirror