update

author: joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> 2006-08-28 04:35:49 +0000
committer: joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> 2006-08-28 04:35:49 +0000
commit: 4a4c0b626874e9c5db38a54c678689805f790d74 (patch)
tree: 37511dd9ad6de9dad4fd046ddc3d67872c496f28 /doc/security.mdwn
parent: bfe0d3f5c6671ccc26c510f5a07cc0deb926258d (diff)
download: ikiwiki-4a4c0b626874e9c5db38a54c678689805f790d74.tar
ikiwiki-4a4c0b626874e9c5db38a54c678689805f790d74.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/doc/security.mdwn b/doc/security.mdwn
index 9d7702dde..5cc35b338 100644
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -256,3 +256,10 @@ seem to affect our use, since the data is not encoded as utf-8 at that
 point. #[378412](http://bugs.debian.org/378412) could affect us, although it
 doesn't seem very exploitable. It has a simple fix, and has been fixed in
 Debian unstable.
+
+## include loops
+
+Various directives that cause one page to be included into another could
+be exploited to DOS the wiki, by causing a loop. Ikiwiki has always guarded
+against this one way or another; the current solution should detect all
+types of loops involving preprocessor directives.
author	joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>	2006-08-28 04:35:49 +0000
committer	joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>	2006-08-28 04:35:49 +0000
commit	4a4c0b626874e9c5db38a54c678689805f790d74 (patch)
tree	37511dd9ad6de9dad4fd046ddc3d67872c496f28 /doc/security.mdwn
parent	bfe0d3f5c6671ccc26c510f5a07cc0deb926258d (diff)
download	ikiwiki-4a4c0b626874e9c5db38a54c678689805f790d74.tar ikiwiki-4a4c0b626874e9c5db38a54c678689805f790d74.tar.gz