Summary

• Page properties (3 modified, 0 added, 0 removed)
• Objects (2 modified, 0 added, 0 removed)
  • XWiki.XWikiComments[1]
  • XWiki.XWikiComments[2]

Details

Page properties

Author

...	...	@@ -1,1 +1,1 @@
1		-XWiki.BrianJones
	1	+XWiki.SilviaRusu

Syntax

...	...	@@ -1,1 +1,1 @@
1		-XWiki 1.0
	1	+XWiki 2.0

Content

...	...	@@ -1,36 +1,46 @@
	1	+{{velocity filter="none"}}
	2	+{{html clean="false" wiki="true"}}
1	1	#startfloatingbox()
2		-*Contents*
3		-#toc ("2" "3" "")
	4	+**Contents**
	5	+
	6	+{{toc start="2" depth="3" numbered=""/}}
4	4	#endfloatingbox()
	8	+{{/html}}
	9	+{{/velocity}}
5	5
6		-1 Security
	11	+= Security =
7	7
8	8	It's important you spend some time understanding the different settings you can modify to protected your wiki.
9	9
10		-1.1 Admin password
	15	+== Admin password ==
11	11
12	12	Make sure you either change its password or remove that user.
13	13
14		-1.1 Superadmin account
	19	+== Superadmin account ==
15	15
16	16	XWiki provides a superadmin account. It is special, because:
	22	+
17	17	* It is not stored in the database
18	18	* It cannot be modified in any way
19	19	* It always has full access, regardless of the rights settings
20	20
21		-#warning("Because it is so powerful, it is not safe to leave it enabled for a long time.")
	27	+{{warning}}
	28	+Because it is so powerful, it is not safe to leave it enabled for a long time.
	29	+{{/warning}}
22	22
23		-By default, this account is disabled. To enable it, you have to edit <tt>&lt;xwiki-dir&gt;/WEB-INF/xwiki.cfg</tt>, uncomment the <tt>xwiki.superadminpassword=system</tt> line and set a proper password. To disable it, just comment this line. Remember to restart the servlet container after changing <tt>xwiki.cfg</tt>.
	31	+By default, this account is disabled. To enable it, you have to edit ##<xwiki-dir>/WEB-INF/xwiki.cfg##, uncomment the ##xwiki.superadminpassword=system## line and set a proper password. To disable it, just comment this line. Remember to restart the servlet container after changing ##xwiki.cfg##.
24	24
25		-#info("Using this superadmin account is useful when you cannot log in anymore, for example when you forgot your admin user password, if you messed up some rights or if you have deleted your admin user by mistake.")
	33	+{{info}}
	34	+Using this superadmin account is useful when you cannot log in anymore, for example when you forgot your admin user password, if you messed up some rights or if you have deleted your admin user by mistake.
	35	+{{/info}}
26	26
27		-1.1 Cookie Encryption Keys
	37	+== Cookie Encryption Keys ==
28	28
29		-When a user chooses to be remembered when he logs in, a cookie is saved on his machine. The cookie is encrypted so that nobody having access to it can see the username/password. This encryption is done using 2 configuration parameters located in the ~~xwiki.cfg~~ configuration file. This file is located in ~~WEB-INF/~~ in the XWiki WAR (see the [Installation>AdminGuide.Installation] for where it's installed).
	39	+When a user chooses to be remembered when he logs in, a cookie is saved on his machine. The cookie is encrypted so that nobody having access to it can see the username/password. This encryption is done using 2 configuration parameters located in the //xwiki.cfg// configuration file. This file is located in //WEB-INF/// in the XWiki WAR (see the [[Installation>>AdminGuide.Installation]] for where it's installed).
30	30
31		-It's important you edit the ~~xwiki.cfg~~ file to modify the cookie authentication and encryption keys as they use default values when you install XWiki and these predefined values could be used by an attacker to decode the username/password. To prevent this change the following 2 configuration parameters:
	41	+It's important you edit the //xwiki.cfg// file to modify the cookie authentication and encryption keys as they use default values when you install XWiki and these predefined values could be used by an attacker to decode the username/password. To prevent this change the following 2 configuration parameters:
32	32
33		-* ~~xwiki.authentication.validationKey~~
34		-* ~~xwiki.authentication.encryptionKey~~
	43	+* //xwiki.authentication.validationKey//
	44	+* //xwiki.authentication.encryptionKey//
35	35
36		-In future versions we'd like to generate random and host-dependent key pairs at installation time (see the following [issue>http://jira.xwiki.org/jira/browse/XWIKI-542] for details).
	46	+In future versions we'd like to generate random and host-dependent key pairs at installation time (see the following [[issue>>http://jira.xwiki.org/jira/browse/XWIKI-542]] for details).

XWiki.XWikiComments[1]

Comment

...	...	@@ -1,3 +1,3 @@
1	1	after loggin with superadmin user name, how to change password for admin user id?
2	2
3		---Sabarish R L
	3	+~-~-Sabarish R L

XWiki.XWikiComments[2]

Comment

...	...	@@ -1,2 +1,1 @@
1		-Regarding the 'Cookie Encryption Keys':
2		-What exactly are we supposed to change these values to? Do they have to be corresponding in some way? And why aren't these values randomly generated via some sort of algorithm. Seems this would provide a lot better security than the administrator setting this once manually.
	1	+Regarding the 'Cookie Encryption Keys': What exactly are we supposed to change these values to? Do they have to be corresponding in some way? And why aren't these values randomly generated via some sort of algorithm. Seems this would provide a lot better security than the administrator setting this once manually.

Date

...	...	@@ -1,1 +1,1 @@
1		-2008-10-20 21:29:21.385
	1	+2008-10-20 21:29:21.0