Security

It's important you spend some time understanding the different settings you can modify to protected your wiki.

Superadmin account

XWiki provides a superadmin account. It is special, because:

  • It is not stored in the database
  • It cannot be modified in any way
  • It always has full access, regardless of the rights settings
Warning: Because it is so powerful, it is not safe to leave it enabled for a long time.

By default, this account is disabled. To enable it, you have to edit <xwiki-dir>/WEB-INF/xwiki.cfg, uncomment the xwiki.superadminpassword=system line and set a proper password. To disable it, just comment this line. Remember to restart the servlet container after changing xwiki.cfg.

Using this superadmin account is useful when you cannot log in anymore, for example when you forgot your admin user password, if you messed up some rights or if you have deleted your admin user by mistake.

Cookie Encryption Keys

When a user chooses to be remembered when he logs in, a cookie is saved on his machine. The cookie is encrypted so that nobody having access to it can see the username/password. This encryption is done using 2 configuration parameters located in the xwiki.cfg configuration file. This file is located in WEB-INF/ in the XWiki WAR (see the Installation for where it's installed).

It's important you edit the xwiki.cfg file to modify the cookie authentication and encryption keys as they use default values when you install XWiki and these predefined values could be used by an attacker to decode the username/password. To prevent this change the following 2 configuration parameters:

  • xwiki.authentication.validationKey
  • xwiki.authentication.encryptionKey
In future versions we'd like to generate random and host-dependent key pairs at installation time (see the following issue for details).
Version 1.11 last modified by VincentMassol on 29/08/2007 at 06:52

Comments 2

Jersin | 20.05.2007 at 01:10 PM
You shouldn't store the username and password in the cookie itself. Keep that information on the server side, hidden behind a randomly generated number. Ie. use it as the primary key in a databasetable. The random number is then stored in the users cookie. It's much safer and it does not require secrets.
rlsabari | 29.08.2007 at 06:52 AM
after loggin with superadmin user name, how to change password for admin user id?

--Sabarish R L

Attachments 0

No attachments for this document
Creator: vmassol on 2006/12/17 14:53
This wiki is licensed under a Creative Commons license
1.3.2.9174