Tags:
create new tag
view all tags

SID-00045: Understanding the Registration Process

Status: Answered Answered TWiki version: 4.1.2 Perl version: 5.8.5
Category: CategoryRegistration Server OS: RHEL4 Last update: 15 years ago

I'd like to better understand the TWiki registration process. I thought I had "locked down" registration, so that users could not register themselves but logged in via Kerberos and Apache externally. This seemed to work for quite some time. However, yesterday, for the first time I can remember, I got an email notification that someone had completed the registration process themselves and created a user account local to TWiki. I'm not sure what could have changed, as the only recent configuration change made to the TWiki site in the past year was applying the recent anti-vulnerability patch to the 'configure' script.

In data/log200901.txt, I see the following entries: 18 Jan 2009 - 13:48 | MyUsersKerberosName | view | TWikiRegistration | | my-proxy's-IP-address | 18 Jan 2009 - 13:49 | MyUsersTWikiName | regstart | MyUsersTWikiName | users-email@addressPLEASENOSPAM.com | my-proxy's-IP-address | 18 Jan 2009 - 13:50 | MyUsersKerberosName | view | TWikiUsers| | my-proxy's-IP-address |

In data/.htpasswd, I see the following entries: MyUsersTWikiName:AnEncryptedPassword:

The topic MyUsersTWikiName does not exist, there is nothing relevant in data/RegistrationApprovals/, and the user's name has not been added to the TWikiUsers topic.

Have I just been lucky that users have never tried to register in this manner before? or has something changed that I should have fixed after upgrading from Cairo to 4.1.2 (or the recent patch)?

What is the best way to both prevent such registration attempts in the future, and let the user know what's going on? I assume a 'deny' rule in the Apache configuration is in order, as well as a manual edit of the Registration page (which I thought I had made but may have been overwritten at some point). Details on these, as well as other recommended measures, would be very much appreciated.

Thank you!

-- JohnDeStefano - 19 Jan 2009

Discussion and Answer

The {Register}{EnableNewUserRegistration} configure setting should take care of disabling new user registrations. I think this is available since TWiki 4.2, so you would need to upgrade.

-- PeterThoeny - 19 Jan 2009

      Change status to:
ALERT! If you answer a question - or someone answered one of your questions - please remember to edit the page and set the status to answered. The status selector is below the edit box.
SupportForm
Status Answered
Title Understanding the Registration Process
SupportCategory CategoryRegistration
TWiki version 4.1.2
Server OS RHEL4
Web server Apache 2.0.52
Perl version 5.8.5
Edit | Attach | Watch | Print version | History: r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r2 - 2009-01-19 - PeterThoeny
 
  • Learn about TWiki  
  • Download TWiki
This site is powered by the TWiki collaboration platform Powered by Perl Hosted by OICcam.com Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.
Copyright © 1999-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.