On Jan 14, 2008, at 3:28 PM, Paul Libbrecht wrote: > > Le 14 janv. 08 à 15:18, Vincent Massol a écrit : >>> But the database gets filled right way, doesn't it ? >> >> Ok I wasn't precise enough. Since XWiki doesn't see security >> classes (like XWiki.XWikiRights) it sets itself into no security >> mode. it's only when you import those classes that suddenly it >> starts checking rights. > > Looks better. > >>> So we loose admin rights fairly easily (eg. changing browsers). >> What? I don't understand what you're saying. What does this have to >> do with browsers? Only thing you may loose by changing browsers are >> the cookies but that's just a convenience you can always log in >> again with your user... > > Erm... with which user since I have never logged-in yet ?
If you have an empty DB you don't need a user to log in to get admin rights as explained above. > >>> I did not really experience what you describe, maybe I changed >>> browsers halfway, in doubt that Safari or OmniWeb was imperfectly >>> supported. >>> In all cases, how long should this admin right last ? The method >>> seems slightly unsafe to my taste. I really prefer to take a stab >>> at the config. >> >> That won't change anything at all. All you'd do by enabling the >> superadmin user is introduce a security hole. > > Except superadmin has all rights which others should be restricted > to have fairly quickly. Actually I'm not sure if there's something you can do with superadmin that you cannot do with a user that has admin rights. Anyway we're talking about installing xwiki here and all I'm telling you is that you don't need that extra step of enabling superadmin for that and in addition you won't forget and disabling it later on if you don't intend to use it. [snip] -Vincent _______________________________________________ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
