It would be good to have a compile option for ecFlow, which changes the default behavior of ecFlow in a way that only the user starting the server is on the default white list and all other users need to be added explicitly.

The current open setup is a bit difficult for sites with inexperienced users (e.g. universities where permanent new students get system access). A ecFlow installation compiled with a closed/reduced default white list would be a ideal solution to protect user from unintended opening their suites / user accounts.

The setup as it is at the moments hinders me to push my IT department to a maintain a root installation of ecFlow and thus adds unnecessary work to the normal user.