Skip to Content
Last modified by Agnease on 2026/06/08 18:44
From version 3.1
edited by Agnease
on 2026/05/26 15:27
Change comment: Upload new image "xwiki-security-review.png", version 1.1
To version 3.3
edited by Agnease
on 2026/06/02 11:04
Change comment: There is no comment for this version

Summary

Details

Page properties
Content
... ... @@ -122,6 +122,10 @@
122 122   of small exceptions that nobody reviewed later.
123 123   </p>
124 124  
125 + <p>
126 + For a deeper look at this topic, see <a href="$xwiki.getURL('resources.xwiki-access-rights-governance')">why XWiki access rights need a clear governance model</a>.
127 + </p>
128 +
125 125   <h3>3. Authentication and identity management</h3>
126 126   <p>
127 127   Authentication should be reviewed beyond the simple question of whether users can log in. LDAP, Active
... ... @@ -232,6 +232,16 @@
232 232   permissions, extensions, customizations and recovery procedures were configured years earlier.
233 233   </p>
234 234  
239 + <div class="resource-note">
240 + <p>
241 + <strong>Security review series:</strong>
242 + this article is the main overview. You can also read
243 + <a href="$xwiki.getURL('resources.xwiki-access-rights-governance')">why XWiki access rights need a clear governance model</a>.
244 + Future topics will cover authentication and access control, script and programming rights, backup validation,
245 + extension review and operational practices.
246 + </p>
247 + </div>
248 +
235 235   <h2 id="security-review-faq">XWiki security review FAQ</h2>
236 236  
237 237   <h3>What should an XWiki security review include?</h3>