Thanks for the information @Justin_B
I’ve been digging a bit deeper and also read this User management: Security flaws?
It looks to me like it might be possible for a sufficiently motivated and knowledgable user to circumvent the restriction on changing the user field either via deadlinecommand usage to modify users or by sending a modified http request to the deadline rcs.
Is there any way around this?
I understand that most studios probably trust their staff enough for this not to be an issue for them, but I don’t think we can risk it with undergraduate students.
Thanks