[
http://jira.magnolia-cms.com/browse/DOCU-209?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Antti Hietala updated DOCU-209:
-------------------------------
Description:
Write best practices and tips for Magnolia security. Examples:
* Use physically separate permanent storage (databases) for author and public
instances
* Change the default superuser passsword!
* You will eventually lock superuser out by accident. Fixes:
** If you remember superuser's password, use [Re-enabling a locked-out
account|http://wiki.magnolia-cms.com/display/WIKI/Re-enabling+a+locked-out+account]
** If you don't remember superuser's password, use [Reset superuser
account|http://wiki.magnolia-cms.com/display/WIKI/Reset+superuser+account]
** If your security configuration is messed up, use [Rescue Security
Support|http://wiki.magnolia-cms.com/display/WIKI/Messed+Up+Security]. The wiki
page title matches content poorly, please edit the page and make it read like a
procedure.
* Create secure, usable passwords. Link to [Usability of
Passwords|http://www.baekdal.com/tips/password-security-usability]
* Block the AdminCentral URI {{/.magnolia}} with Apache another Web server on
a permanent basis for anybody else except users inside the local network. If
you have authors outside the local network this is not appropriate.
was:
Write best practices and tips around Magnolia security. Examples:
* Use physically separate permanent storage (databases) for author and public
instances
* Change the default superuser passsword!
* You will eventually lock superuser out by accident. Fixes:
** If you remember superuser's password, use [Re-enabling a locked-out
account|http://wiki.magnolia-cms.com/display/WIKI/Re-enabling+a+locked-out+account]
** If you don't remember superuser's password, use [Reset superuser
account|http://wiki.magnolia-cms.com/display/WIKI/Reset+superuser+account]
** If your security configuration is messed up, use [Rescue Security
Support|http://wiki.magnolia-cms.com/display/WIKI/Messed+Up+Security]. The wiki
page title matches content poorly, please edit the page and make it read like a
procedure.
* Create secure, usable passwords. Link to [Usability of
Passwords|http://www.baekdal.com/tips/password-security-usability]
* Block the AdminCentral URI {{/.magnolia}} with Apache another Web server on
a permanent basis for anybody else except users inside the local network. If
you have authors outside the local network this is not appropriate.
> Security best practices
> -----------------------
>
> Key: DOCU-209
> URL: http://jira.magnolia-cms.com/browse/DOCU-209
> Project: Documentation
> Issue Type: Sub-task
> Security Level: Public
> Components: content
> Reporter: Antti Hietala
> Assignee: Ruth Stocks
>
> Write best practices and tips for Magnolia security. Examples:
> * Use physically separate permanent storage (databases) for author and public
> instances
> * Change the default superuser passsword!
> * You will eventually lock superuser out by accident. Fixes:
> ** If you remember superuser's password, use [Re-enabling a locked-out
> account|http://wiki.magnolia-cms.com/display/WIKI/Re-enabling+a+locked-out+account]
> ** If you don't remember superuser's password, use [Reset superuser
> account|http://wiki.magnolia-cms.com/display/WIKI/Reset+superuser+account]
> ** If your security configuration is messed up, use [Rescue Security
> Support|http://wiki.magnolia-cms.com/display/WIKI/Messed+Up+Security]. The
> wiki page title matches content poorly, please edit the page and make it read
> like a procedure.
> * Create secure, usable passwords. Link to [Usability of
> Passwords|http://www.baekdal.com/tips/password-security-usability]
> * Block the AdminCentral URI {{/.magnolia}} with Apache another Web server
> on a permanent basis for anybody else except users inside the local network.
> If you have authors outside the local network this is not appropriate.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.magnolia-cms.com/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
----------------------------------------------------------------
For list details see
http://www.magnolia-cms.com/community/mailing-lists.html
To unsubscribe, E-mail to: <[email protected]>
----------------------------------------------------------------
