Priority: Low
Current State: No Action Required
Released In: n/a
Target Release: n/a
Applies To: Engine
Component: Configure
Branches:
Install Foswiki.
The whole URI tree is protected by HTTP authentication at the Foswiki root URI.
So to even get to "configure", you have to perform HTTP-level authentication.
The configure script shows:
High security risk!
This screen was accessed without requiring authentication. You should always make sure the configuration interface requires authentication, or it may be used by a hacker to modify your Foswiki configuration.
See Protecting Your Configuration for more information on limiting access to configuration.
This is a confusing warning; can that script check whether HTTP authentication is active and not display the above?
This is completely eliminated in the upcoming Foswiki 1.2. Configure is "just another script", protected through Foswiki ACL-like checks. Setting to no action.
-- GeorgeClark - 24 Dec 2014