Introduction / FirstSpirit Server configuration / Configuration files (FirstSpirit Server) / FirstSpirit Server (fs-server.conf) / Application passwords
Area: Application passwords
#######################
# Application passwords
#######################
# Empty means: enable/disable default password via ServerManager GUI
# enableDefaultAppPassword=true
enableDefaultAppPassword=
# Comma separated list of hosts or addresses, which are always allowed to use
# application passwords. Application passwords without IP limitations are not
# affected by this list. If a IP limitation is present for a password, the
# list of allowed hosts or addresses is automatically extended by this list.
appPasswordIpWhitelist=localhost,localhost.localdomain
All connections to the FirstSpirit server must undergo authentication (security concept see Authentication of all internal connections to the FirstSpirit server). This means that all web applications (and cluster nodes), that communicate with the FirstSpirit Server, must be authenticated first using a WebApp password. Access to incorrectly configured web applications can be restored using the parameters enableDefaultAppPassword and appPasswordIpWhitelist (see Fixing a faulty configuration).