Skip to content
This repository has been archived by the owner on Jan 4, 2025. It is now read-only.

Add config whether update password is allowed with register operation #4

Open
chfoidl opened this issue Oct 2, 2023 · 0 comments
Open

Add config whether update password is allowed with register operation #4

chfoidl opened this issue Oct 2, 2023 · 0 comments
Assignees
@chfoidl
Labels
enhancement New feature or request

Comments

@chfoidl
Copy link
Member

chfoidl commented Oct 2, 2023

Currently the UpdatePasswordResource allows updating a user's password directly via the Verification API for the register and the set-password operations.

To minimize potential attack surface, updating the password via the register operation should be configurable so it can be disabled if a password is not set when registering new user accounts.
@chfoidl chfoidl added the enhancement New feature or request label Oct 2, 2023
@chfoidl chfoidl self-assigned this Oct 2, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@chfoidl chfoidl

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@chfoidl