I’ve downloaded and installed the Passbolt CE by using the docker container, more precisely I’ve used the docker image: passbolt/passbolt:2.7.1-debian
But, when I access to the registration page, there’s a banner that says:
Disclaimer: Please use a disposable email address. Do not use your real email address if you are not confortable with other testers being able to see it.
Warning: Demo data will be deleted periodically. This is a demo instance of passbolt for trial purposes only. Do not use it to store sensitive information.
So, is It CE version or is it a demo version? Is it usable in production even though I obviously know we won’t have the PRO features?
Yes you are using the CE and it’s usable in production. However by default Passbolt CE should not be with this “open registration” setting on, but users should be added by an administrator. This is to prevent any random person from signing up an impersonating another user, e.g. tricking them into sharing a secret.
Historically this setting was present to put passbolt in this unsafe demo mode. Can you tell us more about your use case and why it make sense for you to have an open registration? Maybe we can fix something up in the next release. There is another feature request to have open registration open but only if an email ends up with a given domain, which IMHO makes a lot of sense.
The reason I set up “public registration” was because our idea was to deploy passbolt only in our internal network which only IT people can access, and that was an easier set up to let every engineer to register himself up instead of having to send invitation emails.
Even with that, I agree that the email domain filter would be a great feature
