diff --git a/api/configs/feature/__init__.py b/api/configs/feature/__init__.py
index 5ea7286444..8a24392ea2 100644
--- a/api/configs/feature/__init__.py
+++ b/api/configs/feature/__init__.py
@@ -364,8 +364,8 @@ class WorkflowConfig(BaseSettings):
     )
 
     MAX_VARIABLE_SIZE: PositiveInt = Field(
-        description="Maximum size in bytes for a single variable in workflows. Default to 200 KB.",
-        default=200 * 1024,
+        description="Maximum size in bytes for a single variable in workflows. Default to 5KB.",
+        default=5 * 1024,
     )
 
 
diff --git a/api/controllers/console/auth/forgot_password.py b/api/controllers/console/auth/forgot_password.py
index 5030791d3a..5cba5165d1 100644
--- a/api/controllers/console/auth/forgot_password.py
+++ b/api/controllers/console/auth/forgot_password.py
@@ -4,7 +4,6 @@ import secrets
 from flask import request
 from flask_restful import Resource, reqparse
 
-from configs import dify_config
 from constants.languages import languages
 from controllers.console import api
 from controllers.console.auth.error import (
@@ -22,6 +21,7 @@ from libs.password import hash_password, valid_password
 from models.account import Account
 from services.account_service import AccountService, TenantService
 from services.errors.workspace import WorkSpaceNotAllowedCreateError
+from services.feature_service import SystemFeatureModel
 
 
 class ForgotPasswordSendEmailApi(Resource):
@@ -44,7 +44,7 @@ class ForgotPasswordSendEmailApi(Resource):
         account = Account.query.filter_by(email=args["email"]).first()
         token = None
         if account is None:
-            if dify_config.ALLOW_REGISTER:
+            if SystemFeatureModel.is_allow_register:
                 token = AccountService.send_reset_password_email(email=args["email"], language=language)
             else:
                 raise NotAllowedRegister()
@@ -114,7 +114,7 @@ class ForgotPasswordResetApi(Resource):
             db.session.commit()
             tenant = TenantService.get_join_tenants(account)
             if not tenant:
-                if not dify_config.ALLOW_CREATE_WORKSPACE:
+                if not SystemFeatureModel.is_allow_create_workspace:
                     raise NotAllowedCreateWorkspace()
                 else:
                     tenant = TenantService.create_tenant(f"{account.name}'s Workspace")
diff --git a/api/controllers/console/auth/login.py b/api/controllers/console/auth/login.py
index 5873825e6d..fd251de200 100644
--- a/api/controllers/console/auth/login.py
+++ b/api/controllers/console/auth/login.py
@@ -28,6 +28,7 @@ from libs.password import valid_password
 from models.account import Account
 from services.account_service import AccountService, RegisterService, TenantService
 from services.errors.workspace import WorkSpaceNotAllowedCreateError
+from services.feature_service import SystemFeatureModel
 
 
 class LoginApi(Resource):
@@ -72,7 +73,7 @@ class LoginApi(Resource):
             AccountService.add_login_error_rate_limit(args["email"])
             raise EmailOrPasswordMismatchError()
         except services.errors.account.AccountNotFoundError:
-            if not dify_config.ALLOW_REGISTER:
+            if not SystemFeatureModel.is_allow_register:
                 raise NotAllowedRegister()
 
             token = AccountService.send_reset_password_email(email=args["email"], language=language)
@@ -116,7 +117,7 @@ class ResetPasswordSendEmailApi(Resource):
 
         account = AccountService.get_user_through_email(args["email"])
         if account is None:
-            if dify_config.ALLOW_REGISTER:
+            if SystemFeatureModel.is_allow_register:
                 token = AccountService.send_reset_password_email(email=args["email"], language=language)
             else:
                 raise NotAllowedRegister()
@@ -145,7 +146,7 @@ class EmailCodeLoginSendEmailApi(Resource):
 
         account = AccountService.get_user_through_email(args["email"])
         if account is None:
-            if dify_config.ALLOW_REGISTER:
+            if SystemFeatureModel.is_allow_register:
                 token = AccountService.send_email_code_login_email(email=args["email"], language=language)
             else:
                 raise NotAllowedRegister()
@@ -181,7 +182,7 @@ class EmailCodeLoginApi(Resource):
         if account:
             tenant = TenantService.get_join_tenants(account)
             if not tenant:
-                if not dify_config.ALLOW_CREATE_WORKSPACE:
+                if not SystemFeatureModel.is_allow_create_workspace:
                     raise NotAllowedCreateWorkspace()
                 else:
                     tenant = TenantService.create_tenant(f"{account.name}'s Workspace")
diff --git a/api/controllers/console/auth/oauth.py b/api/controllers/console/auth/oauth.py
index c4d220a05b..4c001bdb59 100644
--- a/api/controllers/console/auth/oauth.py
+++ b/api/controllers/console/auth/oauth.py
@@ -17,6 +17,7 @@ from models.account import Account, AccountStatus
 from services.account_service import AccountService, RegisterService, TenantService
 from services.errors.account import AccountNotFoundError
 from services.errors.workspace import WorkSpaceNotAllowedCreateError, WorkSpaceNotFoundError
+from services.feature_service import SystemFeatureModel
 
 from .. import api
 
@@ -145,7 +146,7 @@ def _generate_account(provider: str, user_info: OAuthUserInfo):
     if account:
         tenant = TenantService.get_join_tenants(account)
         if not tenant:
-            if not dify_config.ALLOW_CREATE_WORKSPACE:
+            if not SystemFeatureModel.is_allow_create_workspace:
                 raise WorkSpaceNotAllowedCreateError()
             else:
                 tenant = TenantService.create_tenant(f"{account.name}'s Workspace")
@@ -154,7 +155,7 @@ def _generate_account(provider: str, user_info: OAuthUserInfo):
                 tenant_was_created.send(tenant)
 
     if not account:
-        if not dify_config.ALLOW_REGISTER:
+        if not SystemFeatureModel.is_allow_register:
             raise AccountNotFoundError()
         account_name = user_info.name or "Dify"
         account = RegisterService.register(
diff --git a/api/services/account_service.py b/api/services/account_service.py
index 4290a804d1..a6014d0f3b 100644
--- a/api/services/account_service.py
+++ b/api/services/account_service.py
@@ -49,6 +49,7 @@ from services.errors.account import (
     TenantNotFoundError,
 )
 from services.errors.workspace import WorkSpaceNotAllowedCreateError
+from services.feature_service import SystemFeatureModel
 from tasks.mail_email_code_login import send_email_code_login_mail_task
 from tasks.mail_invite_member_task import send_invite_member_mail_task
 from tasks.mail_reset_password_task import send_reset_password_mail_task
@@ -196,7 +197,7 @@ class AccountService:
         is_setup: Optional[bool] = False,
     ) -> Account:
         """create account"""
-        if not dify_config.ALLOW_REGISTER and not is_setup:
+        if not SystemFeatureModel.is_allow_register and not is_setup:
             from controllers.console.error import NotAllowedRegister
 
             raise NotAllowedRegister()
@@ -487,7 +488,7 @@ class TenantService:
     @staticmethod
     def create_tenant(name: str, is_setup: Optional[bool] = False) -> Tenant:
         """Create tenant"""
-        if not dify_config.ALLOW_CREATE_WORKSPACE and not is_setup:
+        if not SystemFeatureModel.is_allow_create_workspace and not is_setup:
             from controllers.console.error import NotAllowedCreateWorkspace
 
             raise NotAllowedCreateWorkspace()
@@ -505,7 +506,7 @@ class TenantService:
         account: Account, name: Optional[str] = None, is_setup: Optional[bool] = False
     ):
         """Create owner tenant if not exist"""
-        if not dify_config.ALLOW_CREATE_WORKSPACE and not is_setup:
+        if not SystemFeatureModel.is_allow_create_workspace and not is_setup:
             raise WorkSpaceNotAllowedCreateError()
         available_ta = (
             TenantAccountJoin.query.filter_by(account_id=account.id).order_by(TenantAccountJoin.id.asc()).first()
@@ -803,7 +804,7 @@ class RegisterService:
             if open_id is not None or provider is not None:
                 AccountService.link_account_integrate(provider, open_id, account)
 
-            if dify_config.ALLOW_CREATE_WORKSPACE:
+            if SystemFeatureModel.is_allow_create_workspace:
                 tenant = TenantService.create_tenant(f"{account.name}'s Workspace")
                 TenantService.create_tenant_member(tenant, account, role="owner")
                 account.current_tenant = tenant
@@ -952,4 +953,4 @@ class RegisterService:
 
 def _generate_refresh_token(length: int = 64):
     token = secrets.token_hex(length)
-    return token
\ No newline at end of file
+    return token
diff --git a/api/services/feature_service.py b/api/services/feature_service.py
index d5d9a9fb2c..45e7b03bc1 100644
--- a/api/services/feature_service.py
+++ b/api/services/feature_service.py
@@ -45,8 +45,8 @@ class SystemFeatureModel(BaseModel):
     enable_email_code_login: bool = False
     enable_email_password_login: bool = True
     enable_social_oauth_login: bool = False
-    is_allow_register: bool = True
-    is_allow_create_workspace: bool = True
+    is_allow_register: bool = False
+    is_allow_create_workspace: bool = False
 
 
 class FeatureService:
@@ -74,7 +74,7 @@ class FeatureService:
         return system_features
 
     @classmethod
-    def __fulfill_login_params_from_env(cls, features: FeatureModel):
+    def _fulfill_login_params_from_env(cls, features: FeatureModel):
         features.enable_email_code_login = dify_config.ENABLE_EMAIL_CODE_LOGIN
         features.enable_email_password_login = dify_config.ENABLE_EMAIL_PASSWORD_LOGIN
         features.enable_social_oauth_login = dify_config.ENABLE_SOCIAL_OAUTH_LOGIN