Skip to Content
Last modified by Agnease on 2026/06/08 18:44
From version 2.1
edited by Agnease
on 2026/05/26 11:01
Change comment: There is no comment for this version
To version 3.8
edited by Agnease
on 2026/06/08 18:25
Change comment: There is no comment for this version

Summary

Details

Page properties
Content
... ... @@ -122,6 +122,13 @@
122 122   of small exceptions that nobody reviewed later.
123 123   </p>
124 124  
125 + <p>
126 + For a deeper look at this topic, see
127 + <a href="$xwiki.getURL('resources.xwiki-access-rights-governance')">why XWiki access rights need a clear governance model</a>.
128 + For a practical starting point, see
129 + <a href="$xwiki.getURL('resources.xwiki-access-rights-review')">how to start an XWiki access-rights review</a>.
130 + </p>
131 +
125 125   <h3>3. Authentication and identity management</h3>
126 126   <p>
127 127   Authentication should be reviewed beyond the simple question of whether users can log in. LDAP, Active
... ... @@ -232,6 +232,25 @@
232 232   permissions, extensions, customizations and recovery procedures were configured years earlier.
233 233   </p>
234 234  
242 + <div class="resource-note related-resources">
243 + <p><strong>Security review series:</strong></p>
244 + <ul>
245 + <li>
246 + <a href="$xwiki.getURL('resources.xwiki-security-review')">What an XWiki security review should actually include</a>
247 + </li>
248 + <li>
249 + <a href="$xwiki.getURL('resources.xwiki-access-rights-governance')">Why XWiki access rights need a clear governance model</a>
250 + </li>
251 + <li>
252 + <a href="$xwiki.getURL('resources.xwiki-access-rights-review')">How to start an XWiki access-rights review</a>
253 + </li>
254 + </ul>
255 + <p>
256 + Future topics will cover authentication and access control, script and programming rights,
257 + backup validation, extension review and operational practices.
258 + </p>
259 + </div>
260 +
235 235   <h2 id="security-review-faq">XWiki security review FAQ</h2>
236 236  
237 237   <h3>What should an XWiki security review include?</h3>
... ... @@ -268,13 +268,22 @@
268 268   becomes business-critical.
269 269   </p>
270 270  
271 - <div class="resource-note">
272 - <p>
273 - Related resources:
274 - <a href="$xwiki.getURL('resources.why-upgrade-xwiki')">why regular XWiki upgrades matter</a>
275 - and
276 - <a href="$xwiki.getURL('resources.xwiki-custom-development')">how to keep XWiki custom development maintainable across upgrades</a>.
277 - </p>
297 + <div class="resource-note related-resources">
298 + <p><strong>Related resources:</strong></p>
299 + <ul>
300 + <li>
301 + <a href="$xwiki.getURL('resources.xwiki-access-rights-governance')">Why XWiki access rights need a clear governance model</a>
302 + </li>
303 + <li>
304 + <a href="$xwiki.getURL('resources.xwiki-access-rights-review')">How to start an XWiki access-rights review</a>
305 + </li>
306 + <li>
307 + <a href="$xwiki.getURL('resources.why-upgrade-xwiki')">Why regular XWiki upgrades matter</a>
308 + </li>
309 + <li>
310 + <a href="$xwiki.getURL('resources.xwiki-custom-development')">How to keep XWiki custom development maintainable across upgrades</a>
311 + </li>
312 + </ul>
278 278   </div>
279 279  
280 280   <div class="resource-cta">
xwiki-security-review.png
Author
... ... @@ -1,0 +1,1 @@
1 +XWiki.Admin
Size
... ... @@ -1,0 +1,1 @@
1 +1.3 MB
Content