-
Suggestion
-
Resolution: Won't Do
-
None
-
None
-
1
-
NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion.
General Description
When you invite a user or group to edit a page, there is no sanity check or confirmation in place to verify that this won't cause a large amount of spam to users.
Example: If there is a group called "all" and someone attempts to invite "Allison" to invite a page, they may instead invite everybody in the "all" group, which could be potentially thousands of users. Same thing for email as well.
References
In our Release Notes for 6.2 Notes, it notes that you can invite any user, or email, or group to edit.
There is no known workaround to prevent this behavior from happening other than removing the permissions to invite for a given Confluence user.
Suggestions
This feature request to add some type of "hey, wait a minute" confirmation dialog or restriction to prevent these kinds of issues.
Possible things to add
- add a confirmation dialog that tells them explicitly that their action will send an email to the users and/or groups selected with the consequences
- add a configurable threshold to disallow inviting more than X users or groups with more than Y users in a given timeframe (invite flood protection)
- enhance permissions (per CONFSERVER-7089 ) in order to let users only invite users and not groups or emails (or some combination thereof)
- relates to
-
- Closed
-
- Future Consideration