by antoangelino 2797 days ago
Hi,

Antonio from Sametab. You need to sign up with Google or validate your work email before being able to read the announcements. This security rule is enforced in the database (it's Firebase Firestore).

> I'm curious how well protected it really is.

Feel free to ask questions!

> Also, is the first email from domain X to sign up the default admin for that domain?

The first one becomes the admin. We already implemented an RBAC system for managing users' permissions. You'll be able to assign admin permissions from the webapp soon.

> How do you resolve disputes?

Drop us an email and we will re-assign the permissions!
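One way to express the two controls described above (reads gated on a verified address at the company's domain, writes gated on an admin role) as Firestore security rules. This is an added example, not Sametab's actual rule set; the collection layout `companies/{domain}/announcements` and `companies/{domain}/members/{uid}` and the `role` field are assumptions made for the illustration.

```firestore
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // Mail domain of the signed-in user, e.g. "example.com".
    // Assumes the email claim is present (it is for Google and email/password sign-in).
    function emailDomain() {
      return request.auth.token.email.split('@')[1];
    }

    // A user counts as a member of a company only if the identity provider has
    // verified the address. Google sign-in sets email_verified; email/password
    // sign-in does not until the verification link is clicked, so a fresh
    // unverified signup matches nothing here.
    function verifiedMember(domain) {
      return request.auth != null
        && request.auth.token.email_verified == true
        && emailDomain() == domain;
    }

    // RBAC lookup (assumed document layout): /companies/{domain}/members/{uid}
    // holds {role: "admin" | "member"}. The role is read from the database,
    // never trusted from the client request.
    function isAdmin(domain) {
      return verifiedMember(domain)
        && get(/databases/$(database)/documents/companies/$(domain)/members/$(request.auth.uid)).data.role == 'admin';
    }

    match /companies/{domain}/announcements/{announcementId} {
      // Any verified member of the domain may read; only admins publish.
      allow read: if verifiedMember(domain);
      allow create, update, delete: if isAdmin(domain);
    }

    match /companies/{domain}/members/{uid} {
      // Members may see the roster; only admins may change roles.
      allow read: if verifiedMember(domain);
      allow write: if isAdmin(domain);
    }
  }
}
```

Two points worth checking when reviewing rules of this shape: first, `email_verified` must be tested explicitly, since a password-based account exists (and can authenticate) before the address is confirmed; second, a rule keyed on the mail domain alone treats everyone who can receive mail at that domain as an employee, which is exactly the gap an allowlist of registered domains or an SSO/IdP integration closes.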


Are you able to defend against this type of thing?: https://medium.com/intigriti/how-i-hacked-hundreds-of-compan...
Interesting article, thanks for the link! If a company uses its main domain in the same way GitLab does, SSO is the only way to avoid security flaws. We do not support SSO now, but implementing it is feasible. Feel free to send us an email if you have a company IdP and you want to use Sametab.