Changes for page Security

Last modified by Simon Urli on 2023/12/26

From version 1.4
edited by Vincent Massol
on 2007/03/16
Change comment: There is no comment for this version
To version 1.2
edited by vmassol
on 2006/12/17
Change comment: There is no comment for this version



Page properties
... ... @@ -1,1 +1,1 @@
1 -XWiki.VincentMassol
1 +XWiki.vmassol
... ... @@ -2,18 +2,6 @@
2 2  
3 3  It's important you spend some time understanding the different settings you can modify to protected your wiki.
4 4  
5 -1.1 Superadmin account
6 -
7 -XWiki provides a superadmin account. It is special, because:
8 -* It is not stored in the database
9 -* It cannot be modified in any way
10 -* It always has full access, regardless of the rights settings
11 -Because it is so powerful, it is not safe to leave it enabled for a long time.
12 -
13 -By default, this account is disabled. To enable it, you have to edit <tt>&lt;xwiki-dir&gt;/WEB-INF/xwiki.cfg</tt>, uncomment the <tt>xwiki.superadminpassword=system</tt> line and set a proper password. To disable it, just comment this line. Remember to restart the servlet container after changing <tt>xwiki.cfg</tt>.
14 -
15 -#info("Using this superadmin account is useful when you cannot log in anymore, for example when you forgot your admin user password or if you messed up the rights.")
16 -
17 17  1.1 Cookie Encryption Keys
18 18  
19 19  When a user chooses to be remembered when he logs in, a cookie is saved on his machine. The cookie is encrypted so that nobody having access to it can see the username/password. This encryption is done using 2 configuration parameters located in the ~~xwiki.cfg~~ configuration file. This file is located in ~~WEB-INF/~~ in the XWiki WAR (see the [Installation>AdminGuide.Installation] for where it's installed).

Get Connected