Security best practices
-----------------------
Key: DOCU-209
URL: http://jira.magnolia-cms.com/browse/DOCU-209
Project: Documentation
Issue Type: Sub-task
Security Level: Public
Components: content
Reporter: Antti Hietala
Assignee: Ruth Stocks
Write best practices and tips around Magnolia security. Examples:
* Use physically separate permanent storage (databases) for author and public
instances
* Change the default superuser passsword!
* You will eventually lock superuser out by accident. Fixes:
** If you remember superuser's password, use [Re-enabling a locked-out
account|http://wiki.magnolia-cms.com/display/WIKI/Re-enabling+a+locked-out+account]
** If you don't remember superuser's password, use [Reset superuser
account|http://wiki.magnolia-cms.com/display/WIKI/Reset+superuser+account]
** If your security configuration is messed up, use [Rescue Security
Support|http://wiki.magnolia-cms.com/display/WIKI/Messed+Up+Security]. The wiki
page title matches content poorly, please edit the page and make it read like a
procedure.
* Create secure, usable passwords. Link to [Usability of
Passwords|http://www.baekdal.com/tips/password-security-usability]
* Block the AdminCentral URI {{/.magnolia}} with Apache another Web server on
a permanent basis for anybody else except users inside the local network. If
you have authors outside the local network this is not appropriate.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.magnolia-cms.com/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
----------------------------------------------------------------
For list details see
http://www.magnolia-cms.com/community/mailing-lists.html
To unsubscribe, E-mail to: <[email protected]>
----------------------------------------------------------------
