Changes for page What an XWiki Security Review Should Actually Include
Last modified by Agnease on 2026/06/08 18:44
Summary
-
Page properties (1 modified, 0 added, 0 removed)
-
Attachments (0 modified, 1 added, 0 removed)
Details
- Page properties
-
- Content
-
... ... @@ -122,6 +122,10 @@ 122 122 of small exceptions that nobody reviewed later. 123 123 </p> 124 124 125 + <p> 126 + For a deeper look at this topic, see <a href="$xwiki.getURL('resources.xwiki-access-rights-governance')">why XWiki access rights need a clear governance model</a>. 127 + </p> 128 + 125 125 <h3>3. Authentication and identity management</h3> 126 126 <p> 127 127 Authentication should be reviewed beyond the simple question of whether users can log in. LDAP, Active ... ... @@ -232,6 +232,16 @@ 232 232 permissions, extensions, customizations and recovery procedures were configured years earlier. 233 233 </p> 234 234 239 + <div class="resource-note"> 240 + <p> 241 + <strong>Security review series:</strong> 242 + this article is the main overview. You can also read 243 + <a href="$xwiki.getURL('resources.xwiki-access-rights-governance')">why XWiki access rights need a clear governance model</a>. 244 + Future topics will cover authentication and access control, script and programming rights, backup validation, 245 + extension review and operational practices. 246 + </p> 247 + </div> 248 + 235 235 <h2 id="security-review-faq">XWiki security review FAQ</h2> 236 236 237 237 <h3>What should an XWiki security review include?</h3>
- xwiki-security-review.png
-
- Author
-
... ... @@ -1,0 +1,1 @@ 1 +XWiki.Admin - Size
-
... ... @@ -1,0 +1,1 @@ 1 +1.3 MB - Content