Securing Websydian Express after Installation
Overview
After installing Websydian Express there is a few settings you should change in order to ensure that your installation is not vulnerable to attacks.
Change password
Websydian Express comes with a predefined administrator profile. The password is also predefined. You should of course change this password right away.
It is recommended that you create a new administrator profile and deactivate the predefined administrator profile.
The predefined administrator profile is WSADMIN and the password is ADMIN.
You must do this for both the demo site and the basic site in Websydian Express.
Also change the predefined user profile named 'User'. The password for this profile is 'User'. This should be done for both the basic site and the demo site.
Change site settings
The site settings for each site should be changed as follows:
IP intranet mask
The IP intranet mask should be changed to conform to your own intranet IP address range. Please find more information about IP intranet mask in Site Settings.
Automatic event creation (only required with v2.0)
If the site has been installed in a production environment you should disable this feature. You can read more here.
Changing the site settings should be done with great care - as the wrong settings might actually make the site inaccessible.
We recommend that you always keep the site settings maintenance in a separate browser window.
After changing the settings, reenter the URL in another browser window - without closing the site settings maintenance window.
Enter the application as administrator and ensure that you can access the administration menu before closing the window containing the site settings maintenance