Skip to content
Commit 01a087d1 authored by Ryan Campbell's avatar Ryan Campbell
Browse files

[SECURITY-166] Prevent the creation of anonymous, system or unknown users.

These users can still be instantiated, as would happen if there is no security and an anonymous user triggers a build -- the anonymous user would correctly be created and added to the User list. This fix merely prevents the saving of that user, and therefore prevents them from logging in.

There may be some plugins which trigger a build as the SYSTEM user, and that is not prohibited here.

Also prevent full names of 'anonymous', 'system' or 'uknown'. As discussed on SECURITY-166 this may encumber auditing since full names are used in most places in the UI
parent 889b46cc
Loading
Loading
Loading
Loading
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment