Hi Wouldn't it be safer if this feature is turned off be default?
best regards mike > -----Original Message----- > From: Eric Norman [mailto:[email protected]] > Sent: Wednesday, August 11, 2010 2:57 AM > To: [email protected] > Subject: Re: User managment > > > Hi Tony, > > Looks to me like you have discovered a bug. The self-reg > enabled flag is > not handled correctly when activating the component. > > I filed a new bug report > (*SLING-1639<https://issues.apache.org/jira/browse/SLING-1639> > )* to track the defect and I will fix it now. > > Regards, > -Eric > > On Tue, Aug 10, 2010 at 11:08 AM, Tony Giaccone > <[email protected]> wrote: > > > > > I'm reading from the Sling web site: > > > > "The jackrabbit-usermanager bundle delivers a REST > interface to create, > > update and delete users...." > > > > And I have been able to successfully add a user, by > executing the following > > curl cmnd. > > > > curl -F:name=reader -Fpwd=ourReader -FpwdConfirm=ourReader > -F"desc=Read > > only access" > > http://localhost:8080/sling/system/userManager/user.create.html > > > > Except that it seems that anyone at any time can post to > this URL and > > create a user. > > > > > > So I looked at the configuration for that bundle and found > a checkbox > > labled: > > > > Self-Registration Enabled > > > > When selected, the anonymous user is allowed to > register a new user > > with the system. (self.registration.enabled) > > > > > > And that checkbox was checked. So it seems that I should be > able to uncheck > > that box and prevent anonymous user creation. > > > > However, it doesn't work. I can still create new users as anonymous. > > > > What am I doing wrong? > > > > > > Tony >
