Changes for page Security

Last modified by Vincent Massol on 2021/07/21

From version 22.1
edited by Vincent Massol
on 2017/09/06
To version 23.2
edited by Vincent Massol
on 2017/12/09
Change comment: There is no comment for this version

Summary

Details

Page properties
Content
... ... @@ -48,9 +48,10 @@
48 48  
49 49  === Encrypt cookies using IP address ===
50 50  
51 -Even if the password cannot be extracted from the cookie, the cookies might be stolen (see [[XSS>>Documentation.AdminGuide.Security#HCrossSiteScripting]]) and used as they are.
52 -By setting the //[[xwiki.cfg>>Documentation.AdminGuide.Configuration#HSamplexwiki.cfg]]// parameter ##xwiki.authentication.useip## to true you can block the cookies from being used except by the same IP address which got them.
51 +Even if the password cannot be extracted from the cookie, the cookies might be stolen (see [[XSS>>Documentation.AdminGuide.Security#HCrossSiteScripting]]) and used as they are. To limit this by default, the cookies are blocked from being used except by the same IP address that was used to create them.
53 53  
53 +You can disable this by setting the [[##xwiki.cfg##>>Documentation.AdminGuide.Configuration#HSamplexwiki.cfg]] parameter ##xwiki.authentication.useip## to false.
54 +
54 54  == Override version information ==
55 55  
56 56  By default, the exact XWiki version is shown in the footer of every page. This is not harmful by itself, but can provide useful information to the attacker, who can use known vulnerabilities against this version.
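
Review bot: In the added line 51, "To limit this by default, the cookies are blocked" attaches "by default" to the wrong clause, so it reads as if the limiting is the default rather than the IP binding; suggest "To limit this, cookies are by default only accepted from the same IP address that was used to create them." The added line 53 explains how to set ##xwiki.authentication.useip## to false but not what that gives up: it should say that with the check disabled, a stolen cookie can again be "used as they are" from any address, which is the risk the preceding sentence describes. The removed text described this as an opt-in (set to true) and the new text as the default, so if that default changed in a specific release, the paragraph should name it so admins on older versions know they still have to set the parameter. The heading still says "Encrypt cookies using IP address" while the body describes blocking cookie use from other addresses; consider aligning the two.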
