edited by Sergiu Dumitriu
on 2007/03/16
on 2007/03/16
Change comment:
There is no comment for this version
Summary
-
Page properties (3 modified, 0 added, 0 removed)
Details
- Page properties
-
- Author
-
... ... @@ -1,1 +1,1 @@ 1 -XWiki. vmassol1 +XWiki.sdumitriu - Content
-
... ... @@ -1,5 +1,17 @@ 1 1 1 Security 2 2 3 +It's important you spend some time understanding the different settings you can modify to protected your wiki. 4 + 5 +1.1 Superadmin account 6 + 7 +XWiki provides a superadmin account. It is special, because: 8 +* It is not stored in the database 9 +* It cannot be modified in any way 10 +* It always has full access, regardless of the rights settings 11 +Because it is so powerful, it is not safe to leave it enabled for a long time. 12 + 13 +By default, this account is disabled. To enable it, you have to edit <tt><xwiki-dir>/WEB-INF/xwiki.cfg</tt>, uncomment the <tt>xwiki.superadminpassword=system</tt> line and set a proper password. To disable it, just comment this line. Remember to restart the servlet container after changing <tt>xwiki.cfg</tt>. 14 + 3 3 1.1 Cookie Encryption Keys 4 4 5 5 When a user chooses to be remembered when he logs in, a cookie is saved on his machine. The cookie is encrypted so that nobody having access to it can see the username/password. This encryption is done using 2 configuration parameters located in the ~~xwiki.cfg~~ configuration file. This file is located in ~~WEB-INF/~~ in the XWiki WAR (see the [Installation>AdminGuide.Installation] for where it's installed).