[xwiki-users] (no subject)

Vincent Massol vincent at massol.net
Mon Jan 14 15:18:13 CET 2008 

On Jan 14, 2008, at 3:01 PM, Paul Libbrecht wrote:

>
> Le 14 janv. 08 à 14:23, Vincent Massol a écrit :
>
>> On Jan 14, 2008, at 2:15 PM, Paul Libbrecht wrote:
>>
>>> May way there was simply to read the config and see that there's  
>>> an admin password (for username "superadmin") that needs to be set  
>>> there by removing the comment in front of the config line.
>> The official method is the one described in the installation guide.
>> [...] I suggest you start with the standalone distribution. It  
>> takes less than 5 minutes to get started once you've downloaded  
>> either the zip or the installer.
>>
>> PS: Paul, there's no need to log in as superadmin since if your  
>> database is empty you'll have admin rights even when not logged in.
>
> But the database gets filled right way, doesn't it ?

Ok I wasn't precise enough. Since XWiki doesn't see security classes  
(like XWiki.XWikiRights) it sets itself into no security mode. it's  
only when you import those classes that suddenly it starts checking  
rights.

>  So we loose admin rights fairly easily (eg. changing browsers).

What? I don't understand what you're saying. What does this have to do  
with browsers? Only thing you may loose by changing browsers are the  
cookies but that's just a convenience you can always log in again with  
your user...

>  I did not really experience what you describe, maybe I changed  
> browsers halfway, in doubt that Safari or OmniWeb was imperfectly  
> supported.
>
> In all cases, how long should this admin right last ? The method  
> seems slightly unsafe to my taste. I really prefer to take a stab at  
> the config.

That won't change anything at all. All you'd do by enabling the  
superadmin user is introduce a security hole.

I think you don't understand what I'm saying :)

>
> Most other "easy to install platforms" nowadays have a kind of  
> wizard for the first-time connection which even includes the config  
> of the database connection. This is at least the case of Moodle and  
> Drupal. I remember a friend forwarding me:
>     http://www.lullabot.com/files/Drupal5Installing.mp4
> I think it the eXo platform and Jahia are other examples with a  
> configurator.

Are you talking about something else now? I thought the topic of this  
email was about getting an "empty database" from Morten...

Re the wizard, yes this is something planned. Right now we have the 2  
ends of the spectrum:
- standalone installs. Does everything and gives a fully working  
system in less than a 1 minute (it's just an unzip or a simple  
installer)
- manual install (the WAR + config to set + DB to set up)

> Since it's a wizard, it's pretty clear that you should "hang  
> on" (and not change browsers, for example!). Generally it concludes  
> by trying to write its own configuration (which of course fails in  
> some cases, then you're told to change the files yourself).
>
> I don't like installers in general but I feel that a configurator is  
> rather a good thing except being yet another feature wish.

It's there in jira already...

>
> paul
>
> PS: I believe I and Morten are not the only one to mistrust Jetty.  
> It may be wrong, I agree... but that must be common. Hence the  
> standalone version does not come as an option.

<OT>Mistrust jetty that's the first time I hear this. It's so much  
better than Tomcat! :)</OT>

Morten can choose whatever methods he wants to use but one thing he  
should NOT do is follow the standalone instructions if he's doing the  
"manual" install. That's all I was saying in my previous email...

Thanks
-Vincent

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.xwiki.org/pipermail/users/attachments/20080114/056a4ee7/attachment.html

More information about the users mailing list