Changes for page Security

Last modified by Simon Urli on 2023/12/26

From version 16.1
edited by Thomas Mortagne
on 2017/03/24
Change comment: Fix jira URLs
To version 17.1
edited by Thomas Mortagne
on 2017/03/24
Change comment: Fix jira URLs

Summary

Details

Page properties
Content
... ... @@ -44,7 +44,7 @@
44 44  
45 45  See the [[Authentication parameters section>>AdminGuide.Authentication#HAuthenticationparameters]] for more details.
46 46  
47 -In future versions we'd like to generate random and host-dependent key pairs at installation time (see the following [[issue>>https://jira.xwiki.org/jira/browse/XWIKI-542]] for details).
47 +In future versions we'd like to generate random and host-dependent key pairs at installation time (see the following [[issue>>https://jira.xwiki.org/browse/XWIKI-542]] for details).
48 48  
49 49  === Encrypt cookies using IP address ===
50 50  
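Review bot: On the changed line 47, the link label is the bare word "issue", so the ticket cannot be identified without following the link, and a reader loses the reference entirely if the Jira path changes again. Consider using the key as the label, for example [[XWIKI-542>>https://jira.xwiki.org/browse/XWIKI-542]]. The sentence also says "In future versions" without naming one. Because the line implies that key pairs are currently neither random nor host-dependent, it would help to state which version that describes.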
... ... @@ -170,7 +170,7 @@
170 170  ==== Likelihood / Known Issues ====
171 171  
172 172  * XWiki syntax 1.0 does not filter out HTML so script injection is possible
173 -* XWiki syntax 2.0 contains html macro which when invoked allows injection of raw html and script. There is still no safe way to disable this (see [[this issue>>https://jira.xwiki.org/jira/browse/XWIKI-3953]] for more information.
173 +* XWiki syntax 2.0 contains html macro which when invoked allows injection of raw html and script. There is still no safe way to disable this (see [[this issue>>https://jira.xwiki.org/browse/XWIKI-3953]] for more information.
174 174  ** This attack method requires the attacker to have a registered username (unless anonymous editing or commenting is allowed).
175 175  
176 176  ==== Mitigation Methods ====
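Review bot: The changed line 173 still has an unclosed parenthesis: the text opens "(see [[this issue>>https://jira.xwiki.org/browse/XWIKI-3953]] for more information." and never closes it, so add ")" before the final period while the line is being touched. The label "this issue" could also be replaced by the key XWIKI-3953 so the known issue is identifiable from the text alone, and "contains html macro" reads better as "contains an html macro".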
