Change comment:
There is no comment for this version
Summary
- Page properties (1 modified, 0 added, 0 removed)
Details
- Page properties
- Content
... ... @@ -48,9 +48,10 @@ 48 48 49 49 === Encrypt cookies using IP address === 50 50 51 -Even if the password cannot be extracted from the cookie, the cookies might be stolen (see [[XSS>>Documentation.AdminGuide.Security#HCrossSiteScripting]]) and used as they are. 52 -By setting the //[[xwiki.cfg>>Documentation.AdminGuide.Configuration#HSamplexwiki.cfg]]// parameter ##xwiki.authentication.useip## to true you can block the cookies from being used except by the same IP address which got them. 51 +Even if the password cannot be extracted from the cookie, the cookies might be stolen (see [[XSS>>Documentation.AdminGuide.Security#HCrossSiteScripting]]) and used as they are. To limit this by default, the cookies are blocked from being used except by the same IP address that was used to create them. 53 53 53 +You can disable this by setting the [[##xwiki.cfg##>>Documentation.AdminGuide.Configuration#HSamplexwiki.cfg]] parameter ##xwiki.authentication.useip## to false. 54 + 54 54 == Override version information == 55 55 56 56 By default, the exact XWiki version is shown in the footer of every page. This is not harmful by itself, but can provide useful information to the attacker, who can use known vulnerabilities against this version.
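Review bot: The added paragraph at new line 51 turns IP binding from opt-in ("setting ... ##xwiki.authentication.useip## to true") into documented default behaviour, but it never states the parameter's default value or the version from which that default applies. An administrator who followed the previous wording cannot tell which description matches their installation. Suggest stating the default explicitly, for example "##xwiki.authentication.useip## defaults to ##true##", and noting the version if the default changed. The sentence "To limit this by default, the cookies are blocked from being used except by the same IP address that was used to create them" is also ambiguous about what "by default" modifies; "To limit this, cookies are by default only accepted from the IP address that was used to create them" reads more clearly. At new line 53, the instruction to set the parameter to false gives no indication of when disabling is appropriate, or that it re-enables reuse of a stolen cookie as described in the preceding paragraph. One sentence on that trade-off would help, and "false" could be set in ## ## like the parameter name for consistency.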