On 12/07/2010 10:04 AM, Paul Harris wrote:
> I see in the administration documentation:
>
> Encrypt cookies using IP address
> Even if the password cannot be extracted from the cookie, the cookies might
> be stolen (see: XSS) and used as they are.
> By setting the xwiki.cfg parameter xwiki.authentication.useip to true you
> can block the cookies from being used except by the same IP address which
> got them.
>
> But when I look in xwiki.cfg, there is no mention of useip. Is this option
> still recommended for use?

By default it is true, so you don't have to add it there.
Even if a setting is not present in xwiki.cfg, you can add it anytime.
Most of the settings that are present are commented out anyway.
--
Sergiu Dumitriu
http://purl.org/net/sergiu/
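
The IP binding that the quoted documentation describes, as an added Python example that is not part of the thread and is not XWiki's code. It uses an HMAC over the user name and client address as a stand-in for XWiki's cookie encryption; `issue_cookie`, `validate_cookie`, the `use_ip` flag and the key are hypothetical names and constructed values.

```python
import base64
import hashlib
import hmac

# Constructed demo key (assumption); a real server loads a random secret
# from its configuration and never hard-codes it.
SERVER_KEY = b"constructed-demo-key-not-for-production"


def _tag(user, ip, use_ip):
    # With use_ip enabled the client address is part of the MAC input,
    # so the tag only verifies for requests coming from that address.
    bound_ip = ip.encode() if use_ip else b""
    msg = user.encode() + b"\x00" + bound_ip
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).digest()


def issue_cookie(user, client_ip, use_ip=True):
    """Build the cookie value handed to the browser at login."""
    tag = base64.urlsafe_b64encode(_tag(user, client_ip, use_ip)).decode()
    return f"{user}:{tag}"


def validate_cookie(cookie, request_ip, use_ip=True):
    """Return the user name if the cookie is valid for this request, else None."""
    user, sep, b64 = cookie.rpartition(":")
    if not sep or not user:
        return None
    try:
        presented = base64.urlsafe_b64decode(b64.encode())
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    expected = _tag(user, request_ip, use_ip)
    # Constant-time comparison avoids leaking how many bytes matched.
    return user if hmac.compare_digest(presented, expected) else None


if __name__ == "__main__":
    # Constructed sample addresses from the documentation ranges.
    cookie = issue_cookie("Admin", "203.0.113.10")
    print("same address:     ", validate_cookie(cookie, "203.0.113.10"))
    print("replayed elsewhere:", validate_cookie(cookie, "198.51.100.7"))
```

A client whose address changes mid-session fails validation and has to log in again, and clients behind the same NAT share one address, so the binding does not separate them.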