Changes for page Security

Last modified by Simon Urli on 2023/12/26

From version 23.1, edited by Thomas Mortagne on 2017/12/08
To version 23.2, edited by Vincent Massol on 2017/12/09
Change comment: There is no comment for this version

Details

Page properties
Author
... ... @@ -1,1 +1,1 @@
1 -XWiki.ThomasMortagne
1 +XWiki.VincentMassol
Content
... ... @@ -48,10 +48,10 @@
48 48  
49 49  === Encrypt cookies using IP address ===
50 50  
51 -Even if the password cannot be extracted from the cookie, the cookies might be stolen (see [[XSS>>Documentation.AdminGuide.Security#HCrossSiteScripting]]) and used as they are.
52 -To limit that by default the cookies are blocked from being used except by the same IP address which got them.
53 -You can disabled this by setting the //[[xwiki.cfg>>Documentation.AdminGuide.Configuration#HSamplexwiki.cfg]]// parameter ##xwiki.authentication.useip## to false.
51 +Even if the password cannot be extracted from the cookie, the cookies might be stolen (see [[XSS>>Documentation.AdminGuide.Security#HCrossSiteScripting]]) and used as they are. To limit this by default, the cookies are blocked from being used except by the same IP address that was used to create them.
54 54  
53 +You can disable this by setting the [[##xwiki.cfg##>>Documentation.AdminGuide.Configuration#HSamplexwiki.cfg]] parameter ##xwiki.authentication.useip## to false.
54 +
55 55  == Override version information ==
56 56  
57 57  By default, the exact XWiki version is shown in the footer of every page. This is not harmful by itself, but can provide useful information to the attacker, who can use known vulnerabilities against this version.
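Review bot: In added line 51, the comma in "To limit this by default, the cookies are blocked" attaches "by default" to the limiting instead of to the blocking, so the sentence no longer states clearly that the IP check is the default behaviour. Something like "To limit this, cookies are by default only usable from the IP address that was used to create them" reads unambiguously. Added line 53 says how to turn the check off with ##xwiki.authentication.useip## but not what is given up: one more sentence saying that with the parameter set to false the block described in line 51 no longer applies to a stolen cookie would let an administrator judge the change. The literal value false could also be wrapped in ## ## like the parameter name. Finally, the heading on line 49 says "Encrypt cookies using IP address" while the paragraph describes restricting where the cookie can be used, so the heading or the text should be aligned.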
