14 Jan
2008
14 Jan
'08
3:28 p.m.
Le 14 janv. 08 à 15:18, Vincent Massol a écrit :
Looks better.
Erm... with which user since I have never logged-in yet ?
Except superadmin has all rights which others should be restricted to
have fairly quickly.
I think installation instructions should go as far as a reasonably
safe wiki, e.g. where programming rights are limited to a handful of
controlled users and public editing is clearly warned as a possibility.
Now, you're starting to make me shiver that I might have no secured
enough of my xwiki installations... and indeed I saw a friend editing
velocity to my (bad) surprise.
To me this is related... under the same broad topic of "getting xwiki
and bringing it to production state". I changed the subject ;-).
paul
But the
database gets filled right way, doesn't it ?
Ok I wasn't precise enough. Since XWiki doesn't see security
classes (like XWiki.XWikiRights) it sets itself into no security
mode. it's only when you import those classes that suddenly it
starts checking rights. So we loose
admin rights fairly easily (eg. changing browsers).
What? I don't understand
what you're saying. What does this have to
do with browsers? Only thing you may loose by changing browsers are
the cookies but that's just a convenience you can always log in
again with your user... I did not
really experience what you describe, maybe I changed
browsers halfway, in doubt that Safari or OmniWeb was imperfectly
supported.
In all cases, how long should this admin right last ? The method
seems slightly unsafe to my taste. I really prefer to take a stab
at the config.
That won't change anything at all. All you'd do by enabling the
superadmin user is introduce a security hole. I think you don't understand what I'm saying
:)
I think I do.
Most other
"easy to install platforms" nowadays have a kind of
wizard for the first-time connection which even includes the
config of the database connection. This is at least the case of
Moodle and Drupal. I remember a friend forwarding me:
http://www.lullabot.com/files/Drupal5Installing.mp4
I think it the eXo platform and Jahia are other examples with a
configurator.
Are you talking about something else now? I thought the topic of
this email was about getting an "empty database" from Morten...