Diffstat (limited to 'doc')
-rw-r--r-- doc/CHANGES.md 2
-rw-r--r-- doc/INSTALL.md 2
2 files changed, 3 insertions, 1 deletions
diff --git a/doc/CHANGES.md b/doc/CHANGES.md
index 9f1127e34..debf9d7c7 100644
--- a/doc/CHANGES.md
+++ b/doc/CHANGES.md
@@ -9,11 +9,13 @@
* Improvements to the accessibility of the search boxes (Nathan Jenkins)
* Only one email sent when asking for admin attention to a request [issue #789](https://github.com/mysociety/alaveteli/pull/864) (Matthew Landauer)
* A number of XSS escaping fixes for Version 0.7 (Matthew Landauer)
+* The emergency admin account can now be disabled
## Upgrade notes
* Check out this version and run `rails-post-deploy` as usual.
* Remove adminbootstrap from the THEME_URLS or THEME_URL config variable, and remove vendor/plugins/adminbootstraptheme, and the softlink public/adminbootstraptheme.
* There is a new config variable FORCE_SSL, which defaults to true, meaning that Alaveteli will redirect all "http" requests to "https", set the Strict-Transport-Security header and flag all cookies as "secure". For more information about running your install over SSL/TLS, see the [install guide](https://github.com/mysociety/alaveteli/blob/develop/doc/INSTALL.md#set-up-production-web-server). If you don't want to run over SSL/TLS, add the config variable FORCE_SSL to your config/general.yml and set it to false.
+* If you would like to disable the emergency user account, set DISABLE_EMERGENCY_USER to true in you config/general.yml
# Version 0.7
## Highlighted features
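Review bot: The added upgrade note (the `+* If you would like to disable the emergency user account` line) has a typo, "in you config/general.yml" should read "in your config/general.yml". It also does not state the default for DISABLE_EMERGENCY_USER, whereas the FORCE_SSL note just above it says "defaults to true"; please say what an existing install gets if the variable is left unset. The new changelog entry under the feature list carries no author or issue reference, unlike the entries around it.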
diff --git a/doc/INSTALL.md b/doc/INSTALL.md
index c8ce6390f..2156f4c4a 100644
--- a/doc/INSTALL.md
+++ b/doc/INSTALL.md
@@ -301,7 +301,7 @@ There is an emergency user account which can be accessed via
`/admin?emergency=1`, using the credentials `ADMIN_USERNAME` and
`ADMIN_PASSWORD`, which are set in `general.yml`. To bootstrap the
first `super` level accounts, you will need to log in as the emergency
-user.
+user. You can disable the emergency user account by setting `DISABLE_EMERGENCY_USER` to `true` in `general.yml`.
Users with the superuser role also have extra privileges in the
website frontend, such as being able to categorise any request, being
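Review bot: The sentence added on the `+user.` line does not say when it is safe to set `DISABLE_EMERGENCY_USER` to `true`. The same paragraph states that bootstrapping the first `super` level accounts requires logging in as the emergency user, so a reader who sets it during initial install has no documented way to create an admin. Suggest spelling out the order (create a `super` account first, then disable the emergency user) and stating the default value. The added text is also left as one long line rather than wrapped like the rest of the paragraph.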