29 Aug
2014
29 Aug
'14
10:37 a.m.
Hi,
Thank you for your reply.
I have indeed gone through the rights setup and have it configured so that the
Main.WebHome page is publicly accessible, but that all other spaces require login.
There is however no way I can see to prevent unregistered user access to the following
spaces in XWiki:
/xwiki/bin/view/Main/UserDirectory
/xwiki/bin/view/XWiki/[username]
Is there any way to secure these two spaces, without locking down the entire XWiki
installation?
Thanks,
Werner
On 13 Aug 2014, at 10:37 AM, Eduard Moraru <enygma2002(a)gmail.com> wrote:
Hi Werner,
By default, the XWiki Enterprise software does not restrict view access to
anything in the wiki. It`s up to the administrator that installs his own
XWiki instance to configure rights based on the requirements of his
installation. In some cases it's ok to expose users (see www.xwiki.org), in
others it may be problematic (like some publicly accessible intranet for
example).
If you are in the latter case where you need pages to not be viewable by
certain users (e.g. guests/unregistered users), have a look at XWiki's
right management
http://platform.xwiki.org/xwiki/bin/view/Features/RightsManagement ( with
more details on
http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Access+Rights ) and
properly configure your wiki according to your needs.
Thanks,
Eduard
On Mon, Aug 11, 2014 at 2:13 PM, Werner Kok <werner(a)hti-systems.co.za>
wrote:
Hi There,
I’ve noticed that an XWiki installation has its user directory as well as
full user profiles openly accessible to the public.
Is this not a huge security risk? Or am I missing a configuration setting
somewhere?
For example, http://www.xwiki.com has all its users publicly accessible
here: http://www.xwiki.com/lang/en/Main/UserDirectory and each user’s
complete personal profile details is viewable.
Is there a way to secure this information?
Thanks,
Werner
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users