Changes for page Security

Last modified by Simon Urli on 2023/12/26

From version 1.5
edited by Sergiu Dumitriu
on 2007/03/16
Change comment: There is no comment for this version
To version 1.1
edited by vmassol
on 2006/12/17
Change comment: There is no comment for this version



Page properties
... ... @@ -1,1 +1,1 @@
1 -XWiki.sdumitriu
1 +XWiki.vmassol
... ... @@ -1,20 +1,5 @@
1 1  1 Security
2 2  
3 -It's important you spend some time understanding the different settings you can modify to protected your wiki.
4 -
5 -1.1 Superadmin account
6 -
7 -XWiki provides a superadmin account. It is special, because:
8 -* It is not stored in the database
9 -* It cannot be modified in any way
10 -* It always has full access, regardless of the rights settings
11 -
12 -#warning("Because it is so powerful, it is not safe to leave it enabled for a long time.")
13 -
14 -By default, this account is disabled. To enable it, you have to edit <tt>&lt;xwiki-dir&gt;/WEB-INF/xwiki.cfg</tt>, uncomment the <tt>xwiki.superadminpassword=system</tt> line and set a proper password. To disable it, just comment this line. Remember to restart the servlet container after changing <tt>xwiki.cfg</tt>.
15 -
16 -#info("Using this superadmin account is useful when you cannot log in anymore, for example when you forgot your admin user password or if you messed up the rights.")
17 -
18 18  1.1 Cookie Encryption Keys
19 19  
20 20  When a user chooses to be remembered when he logs in, a cookie is saved on his machine. The cookie is encrypted so that nobody having access to it can see the username/password. This encryption is done using 2 configuration parameters located in the ~~xwiki.cfg~~ configuration file. This file is located in ~~WEB-INF/~~ in the XWiki WAR (see the [Installation>AdminGuide.Installation] for where it's installed).

Get Connected