diff --git a/INSTALL.md b/INSTALL.md
index 2993f3a9e2..5c67f14ed6 100644
--- a/INSTALL.md
+++ b/INSTALL.md
@@ -402,8 +402,8 @@ This process uses a setting `registration_shared_secret` in `homeserver.yaml`, which is shared between Synapse itself and the `register_new_matrix_user` script. It doesn't matter what it is (a random value is generated by `--generate-config`), but it should be kept secret, as
-anyone with knowledge of it can register users on your server even if
-`enable_registration` is `false`.
+anyone with knowledge of it can register users, including admin accounts,
+on your server even if `enable_registration` is `false`.
 ## Setting up a TURN server
diff --git a/changelog.d/4844.misc b/changelog.d/4844.misc
new file mode 100644
index 0000000000..eff6f1c43c
--- /dev/null
+++ b/changelog.d/4844.misc
@@ -0,0 +1 @@
+Clarify what registration_shared_secret allows for.
diff --git a/docs/sample_config.yaml b/docs/sample_config.yaml
index b62745dd6e..22d5e6b1d7 100644
--- a/docs/sample_config.yaml
+++ b/docs/sample_config.yaml
@@ -624,8 +624,8 @@ enable_registration: False
 # - medium: msisdn
 # pattern: '\+44'
-# If set, allows registration by anyone who also has the shared
-# secret, even if registration is otherwise disabled.
+# If set, allows registration of standard or admin accounts by anyone who
+# has the shared secret, even if registration is otherwise disabled.
 #
 # registration_shared_secret:
diff --git a/synapse/config/registration.py b/synapse/config/registration.py
index d34dc9e456..a123f25a68 100644
--- a/synapse/config/registration.py
+++ b/synapse/config/registration.py
@@ -92,8 +92,8 @@ class RegistrationConfig(Config):
 # - medium: msisdn
 # pattern: '\\+44'
- # If set, allows registration by anyone who also has the shared
- # secret, even if registration is otherwise disabled.
+ # If set, allows registration of standard or admin accounts by anyone who
+ # has the shared secret, even if registration is otherwise disabled.
 #
 %(registration_shared_secret)s
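Review bot: The reworded comment above `%(registration_shared_secret)s` states that the secret permits admin registration but still gives the operator no guidance on handling the value, so the generated config explains the impact without saying what to do about it. Since anyone holding the secret can create an admin account even with registration disabled, I would add a line such as `# Treat this value as an admin credential: keep it long and random, and restrict who can read this file.` The same wording appears in docs/sample_config.yaml, which looks generated from this template, so the addition belongs here with the sample regenerated afterwards. The enclosing method of RegistrationConfig starts and ends outside the hunk.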