Confluence security
So far we have been talking about permissions and restrictions, which are of course a huge part of how to keep your data secure. But there are a few best practices and features in place to reduce the risk of your Confluence installation being corrupted and prevent the wrong people from getting access.
Secure administrator sessions
Confluence protects access to its administrative functions by a special administrator session. When a user attempts to access the Administration Console or space administration, they are prompted to log in again. This logs the administrator into a temporary secure session that grants access to those administration screens. In other parts of the documentation this feature is also referred to as WebSudo.
The administrator session has a rolling timeout of 10 minutes (default). This means that if there is no activity in the Confluence or space administration for 10 minutes, the user will be logged out of the administrator session. If the user does...