On 12/07/2010 10:04 AM, Paul Harris wrote: > I see in the administration documentation: > > Encrypt cookies using IP address > > Even if the password cannot be extracted from the cookie, the cookies might > be stolen See: XSS and used as they are. > By setting the xwiki.cfg parameter xwiki.authentication.useip to true you > can block the cookies from being used except by the same ip address which > got them. > > But when I look in xwiki.cfg, there is no mention of useip. Is this option > still recommended for use?
By default it is true, so you don't have to add it there. Even if a setting is not present in xwiki.cfg, you can add it anytime. Most of the settings that are present are commented out anyway. -- Sergiu Dumitriu http://purl.org/net/sergiu/ _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
