Xwiki visible from outsitde

Our wiki is visible from outside!

I would like to know if there might be something wrong in the backend configuration or if this is due to server configuration.

The effect: It is not necessary to log in with an xwiki user, content can be accessed for any page visitor coming via the xwiki link.

The rights of the unregistered users are configured in the Rights UI in Administration. You have to switch to “Users” mode to see “Unregistered users”.

See http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Access+Rights for more about rights UI.

1 Like

Thanks a lot!

I would suggest, that this feature is set to default, due to the reason that it is the normal way NOT to provide access to unregistered users.

Otherwise you could enhance a clear case study with an useful example to separate an XWiki into an part accessable for everybody and an internal part (closed for only registered users)

Makes sense for most user cases to lock it up by default.

Note that the principle of the wiki is to be open to the maximum to favor collaboration. So the idea in XWiki (and in wiki in general) is that you open everything and then if there are problems you start restricting and setting permissions.

Now if you’re installing inside your company normally you shouldn’t have any issue since your company should have firewalls set up so that by default nothing internal can be accessed from the outside.

This is what we started doing here: http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Access+Rights#HWikiAccessConfiguration

A better idea for the future would be to have a step in the Distribution Wizard to configure permissions for your wiki (with options such as the ones on http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Access+Rights#HWikiAccessConfiguration, i.e. Open Wiki, Private Wiki, Public Wiki with Confirmed Registration, Custom Permissions).

Thanks for the suggestion

1 Like

This is excellent and exactly what I was looking for.
Your general idea or the general idea of wikis to be open is excellent, the point was more just informing the users about this, due to the fact that they might be used to closed systems by default. Especially when a systems supports users and logins. :wink:

But everything works fine and I could have checked this also before. :wink: