Support the ongoing development of Laravel.io →
eina61
posted 5 years ago
Security
Last updated 1 year ago.
0
dynamogeek
replied 5 years ago
Solution

Personally, I'd suggest a "user invitation system", or just have the admin create the accounts straight out.

The idea of "security in depth" says you shouldn't allow anyone any more access than they absolutely need. If you disable registration, you put up one more barrier between the naughty people and your data.

With registration disabled, you have some options (the below being just some examples):

  • Have the admin create the accounts outright
  • Have the admin send an 'invitation' to an email (and only allow that email to use it)
  • Create single use 'invitation links' that allow a user to register

The most straight forward and secure method is probably to just have the admin create the accounts out right. If you know what the emails will be, that's probably the choice I'd go with.

0
eina61
replied 5 years ago

Yes, that does sound like the best way to go - the admin already has to take action for each new user so I will have them create the whole account instead as it isn't a lot of extra work.

Thanks very much.

0
dynamogeek
replied 5 years ago

Of course! Glad I could be your rubber duck. ;)

0

Sign in to participate in this thread!

Eventy

Your banner here too?

Dave eina61 Joined 8 Nov 2018

Moderators

We'd like to thank these amazing companies for supporting us

Eventy
Fathom
Forge
Envoyer
Beyond Code
Skynet Technologies
Steadfast Collective
BairesDev
Remotely Works

Your logo here?

Laravel.io

The Laravel portal for problem solving, knowledge sharing and community building.

Laravel.io

Forum Articles Pastebin

Socials

X Twitter GitHub

The community

Laravel Laravel Laravel News Laravel News
Laracasts Laracasts Laravel Podcast Laravel Podcast
© 2024 Laravel.io - All rights reserved.
Terms of service Privacy policy Advertise