To secure a KnowWE (JSPWiki) installation, you have to edit two files:
* jspwiki.properties:
** At the very bottom, uncomment the line jspwiki.approver.workflow.saveWikiPage=Admin to enable the forced approval of new user accounts by an admin. (Make sure there is an 'Admin' group.)
** Make sure the option allowHTML is set to false.
* jspwiki.policy: comment out the permissions of 'Anonymous' to disable anonymous editing.
before:
grant principal com.ecyrd.jspwiki.auth.authorize.Role "Anonymous" {
    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "modify";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages";
};
after:
grant principal com.ecyrd.jspwiki.auth.authorize.Role "Anonymous" {
    // permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "modify";
    // permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages";
};
* Install.jsp: Make sure that the file Install.jsp is deleted from the root folder of the web application.
After that, restart the container and the wiki is secure.
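The steps above can be verified with a small audit script. This is an added example, not part of KnowWE or JSPWiki; the function names and sample text are constructed for illustration, and the full key jspwiki.translatorReader.allowHTML is an assumption (the page only names the option allowHTML, so the check matches any key ending in it).

```python
import re
WRITE_ACTIONS = {"modify", "createPages"}  # the two actions the page comments out

def parse_properties(text):
    """Return only the active (uncommented) key/value pairs."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if line and line[0] not in "#!" and m:
            props[m.group(1)] = m.group(2).strip()
    return props

def anonymous_write_grants(policy_text):
    """List write permissions still active for the "Anonymous" role.
    Only whole-line // comments are stripped; anything else counts as active."""
    text = re.sub(r"(?m)^\s*//.*$", "", policy_text)
    hits = []
    grant = r'grant\s+principal\s+\S+\s+"Anonymous"\s*\{(.*?)\}\s*;'
    perm = r'permission\s+(\S+)\s+"([^"]*)"\s*,\s*"([^"]*)"'
    for block in re.findall(grant, text, flags=re.S):
        for cls, target, actions in re.findall(perm, block):
            if WRITE_ACTIONS & {a.strip() for a in actions.split(",")}:
                hits.append((cls.rsplit(".", 1)[-1], target, actions))
    return hits

def audit(properties_text, policy_text, install_jsp_present):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    props = parse_properties(properties_text)
    if props.get("jspwiki.approver.workflow.saveWikiPage") != "Admin":
        findings.append("approver workflow line is not active")
    html = [v for k, v in props.items() if k.endswith("allowHTML")]
    if not html or any(v.lower() != "false" for v in html):
        findings.append("allowHTML is not set to false")
    for name, target, actions in anonymous_write_grants(policy_text):
        findings.append(f"Anonymous still has {name} {target} {actions}")
    if install_jsp_present:
        findings.append("Install.jsp still present")
    return findings

# Constructed sample input: an installation before the changes described above.
SAMPLE_PROPS = "#jspwiki.approver.workflow.saveWikiPage=Admin\njspwiki.translatorReader.allowHTML = true\n"
SAMPLE_POLICY = '''grant principal com.ecyrd.jspwiki.auth.authorize.Role "Anonymous" {
    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "modify";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages";
};'''
if __name__ == "__main__":
    for finding in audit(SAMPLE_PROPS, SAMPLE_POLICY, install_jsp_present=True):
        print("FAIL:", finding)
```

In practice, pass the contents of the deployed jspwiki.properties and jspwiki.policy and the result of checking whether Install.jsp exists in the web application root.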