Changes for page Security

Last modified by Simon Urli on 2023/12/26

From version 22.1
edited by Vincent Massol
on 2017/09/06
Change comment: Renamed back-links.
To version 23.1
edited by Thomas Mortagne
on 2017/12/08
Change comment: Fixed documentation

Summary

Details

Page properties
Author
... ... @@ -1,1 +1,1 @@
1 -XWiki.VincentMassol
1 +XWiki.ThomasMortagne
Content
... ... @@ -49,7 +49,8 @@
49 49  === Encrypt cookies using IP address ===
50 50  
51 51  Even if the password cannot be extracted from the cookie, the cookies might be stolen (see [[XSS>>Documentation.AdminGuide.Security#HCrossSiteScripting]]) and used as they are.
52 -By setting the //[[xwiki.cfg>>Documentation.AdminGuide.Configuration#HSamplexwiki.cfg]]// parameter ##xwiki.authentication.useip## to true you can block the cookies from being used except by the same IP address which got them.
52 +To limit that by default the cookies are blocked from being used except by the same IP address which got them.
53 +You can disabled this by setting the //[[xwiki.cfg>>Documentation.AdminGuide.Configuration#HSamplexwiki.cfg]]// parameter ##xwiki.authentication.useip## to false.
53 53  
54 54  == Override version information ==
55 55  

Get Connected