Hi Werner,
By default, the XWiki Enterprise software does not restrict view access to
anything in the wiki. It`s up to the administrator that installs his own
XWiki instance to configure rights based on the requirements of his
installation. In some cases it's ok to expose users (see
www.xwiki.org), in
others it may be problematic (like some publicly accessible intranet for
example).
If you are in the latter case where you need pages to not be viewable by
certain users (e.g. guests/unregistered users), have a look at XWiki's
right management
http://platform.xwiki.org/xwiki/bin/view/Features/RightsManagement ( with
more details on
http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Access+Rights ) and
properly configure your wiki according to your needs.
Thanks,
Eduard
On Mon, Aug 11, 2014 at 2:13 PM, Werner Kok <werner(a)hti-systems.co.za>
wrote:
Hi There,
I’ve noticed that an XWiki installation has its user directory as well as
full user profiles openly accessible to the public.
Is this not a huge security risk? Or am I missing a configuration setting
somewhere?
For example,
http://www.xwiki.com has all its users publicly accessible
here:
http://www.xwiki.com/lang/en/Main/UserDirectory and each user’s
complete personal profile details is viewable.
Is there a way to secure this information?
Thanks,
Werner
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users