Learn how easy it is to sync an existing GitHub or Google Code repo to a SourceForge project! See Demo
In the config I see, that it is possible to allow everybody to add new users to the users table. Is it possible to limit this to some users by setting standard permissions (like it is with "delete records"). I didn't find such a field ... If the option "everybody" makes sense, it would be needed to limit this function to trusted people.
currently there's no user-specific permission for adding new users. If '$addNewUsers' is set to 'admin' in 'ini.inc.php' only the admin will be allowed to add new users. The 'everyone' mode is really only provided for people who want to install refbase manually (i.e. without using 'install.php' & 'install.sql'). Plus, I can imagine closed database installations where it may be beneficial that anyone can add himself to the database without needing to ask an admin to perform the task.
If you really trust a person, couldn't you then as well give this person the admin password? In it's current implementation refbase allows only one person to be assigned as admin. This may be changed in the future if many people feel limited by this.