Changes for page Security

Last modified by Vincent Massol on 2021/07/21

From version 1.1
edited by vmassol
on 2006/12/17
To version 1.4
edited by Vincent Massol
on 2007/03/16
Change comment: There is no comment for this version



Page properties
... ... @@ -1,1 +1,1 @@
1 -XWiki.vmassol
1 +XWiki.VincentMassol
... ... @@ -1,5 +1,19 @@
1 1  1 Security
2 2  
3 +It's important you spend some time understanding the different settings you can modify to protected your wiki.
4 +
5 +1.1 Superadmin account
6 +
7 +XWiki provides a superadmin account. It is special, because:
8 +* It is not stored in the database
9 +* It cannot be modified in any way
10 +* It always has full access, regardless of the rights settings
11 +Because it is so powerful, it is not safe to leave it enabled for a long time.
12 +
13 +By default, this account is disabled. To enable it, you have to edit <tt>&lt;xwiki-dir&gt;/WEB-INF/xwiki.cfg</tt>, uncomment the <tt>xwiki.superadminpassword=system</tt> line and set a proper password. To disable it, just comment this line. Remember to restart the servlet container after changing <tt>xwiki.cfg</tt>.
14 +
15 +#info("Using this superadmin account is useful when you cannot log in anymore, for example when you forgot your admin user password or if you messed up the rights.")
16 +
3 3  1.1 Cookie Encryption Keys
4 4  
5 5  When a user chooses to be remembered when he logs in, a cookie is saved on his machine. The cookie is encrypted so that nobody having access to it can see the username/password. This encryption is done using 2 configuration parameters located in the ~~xwiki.cfg~~ configuration file. This file is located in ~~WEB-INF/~~ in the XWiki WAR (see the [Installation>AdminGuide.Installation] for where it's installed).
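Review bot: In the added "Superadmin account" paragraph, the line to uncomment is quoted as "xwiki.superadminpassword=system", and the only guard against keeping that value is the phrase "set a proper password". Please state explicitly that "system" must be replaced before the servlet container is restarted, since the same section says this account "always has full access, regardless of the rights settings". Because the password is set as a plain value in xwiki.cfg, a sentence on restricting read access to that file would fit here too. Two smaller points: the new intro line has a typo ("to protected your wiki" should be "to protect your wiki"), and the sentence "Because it is so powerful, it is not safe to leave it enabled for a long time." follows the bullet list with no blank line, so it may render as part of the last bullet.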
