This is version 1 2 3 4 5 6 7 8 9 10 . It is not the current version, and thus it cannot be edited.

Back to current version Restore this version

To secure a KnowWE(JSPWiki) installation, you have to edit two files:

• jspwiki.properties:
  • at the very bottom uncomment the line jspwiki.approver.workflow.saveWikiPage=Admin to enable the forced approval of new user accounts by an admin. (Make sure there is an 'Admin' group)
  • make sure the option allowHTML is set to false

• jspwiki.policiy: comment the permissions of 'Anonymous' to disable anonymous editing before:

grant principal com.ecyrd.jspwiki.auth.authorize.Role "Anonymous" { permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "modify"; permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages"; }; after: grant principal com.ecyrd.jspwiki.auth.authorize.Role "Anonymous" { // permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "modify"; // permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages"; };

• Install.jsp: Make sure that the Install.jsp is deleted from the root folder of the web application.

After that, restart the container and the wiki is secure.