Changes for page Security

Last modified by Vincent Massol on 2023/12/05

From version < 1.2 >
edited by vmassol
on 2006/12/17
To version < 1.6 >
edited by Vincent Massol
on 2007/03/16
Change comment: There is no comment for this version



Page properties
... ... @@ -1,1 +1,1 @@
1 -XWiki.vmassol
1 +XWiki.VincentMassol
... ... @@ -2,6 +2,19 @@
2 2  
3 3  It's important you spend some time understanding the different settings you can modify to protected your wiki.
4 4  
5 +1.1 Superadmin account
6 +
7 +XWiki provides a superadmin account. It is special, because:
8 +* It is not stored in the database
9 +* It cannot be modified in any way
10 +* It always has full access, regardless of the rights settings
11 +
12 +#warning("Because it is so powerful, it is not safe to leave it enabled for a long time.")
13 +
14 +By default, this account is disabled. To enable it, you have to edit <tt>&lt;xwiki-dir&gt;/WEB-INF/xwiki.cfg</tt>, uncomment the <tt>xwiki.superadminpassword=system</tt> line and set a proper password. To disable it, just comment this line. Remember to restart the servlet container after changing <tt>xwiki.cfg</tt>.
15 +
16 +#info("Using this superadmin account is useful when you cannot log in anymore, for example when you forgot your admin user password, if you messed up some rights or if you have deleted your admin user by mistake.")
17 +
5 5  1.1 Cookie Encryption Keys
6 6  
7 7  When a user chooses to be remembered when he logs in, a cookie is saved on his machine. The cookie is encrypted so that nobody having access to it can see the username/password. This encryption is done using 2 configuration parameters located in the ~~xwiki.cfg~~ configuration file. This file is located in ~~WEB-INF/~~ in the XWiki WAR (see the [Installation>AdminGuide.Installation] for where it's installed).

Get Connected