author | joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> | 2006-08-27 20:25:05 +0000 |
---|---|---|
committer | joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> | 2006-08-27 20:25:05 +0000 |
commit | 4ad7c9d6257ca106b2949d22f6300823190991a0 (patch) | |
tree | 9752444cfa70b40ab32627e3feb44781e56f2771 /doc/security.mdwn | |
parent | 3ad4d93e33284ad6d51d2fa5f9abf1943b894d48 (diff) | |
download | ikiwiki-4ad7c9d6257ca106b2949d22f6300823190991a0.tar ikiwiki-4ad7c9d6257ca106b2949d22f6300823190991a0.tar.gz |
* Patch from James Westby to add a --sslcookie switch, which forces
cookies to only be sent over ssl connections to avoid interception.
* Factor out the cgi header printing code into a new function.
* Fix preferences page on anonok wikis; still need to sign in to get
to the preferences page.
Diffstat (limited to 'doc/security.mdwn')
-rw-r--r-- | doc/security.mdwn | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/doc/security.mdwn b/doc/security.mdwn index dc763ef40..9d7702dde 100644 --- a/doc/security.mdwn +++ b/doc/security.mdwn @@ -134,7 +134,9 @@ file not be world readable. Login to the wiki involves sending a password in cleartext over the net. Cracking the password only allows editing the wiki as that user though. -If you care, you can use https, I suppose. +If you care, you can use https, I suppose. If you do use https either for +all of the wiki, or just the cgi access, then consider using the sslcookie +option. ## XSS holes in CGI output |
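Review bot: The added sentence ending "consider using the sslcookie option" names the option without saying what it does, so a reader of doc/security.mdwn cannot tell why it matters once https is already in use. The commit message has the explanation (cookies are only sent over ssl connections, to avoid interception); I would carry that into the doc text, for example "then consider using the sslcookie option, so that cookies are only sent over ssl connections and cannot be intercepted". Since this paragraph covers the "just the cgi access" case, it is also worth stating that the rest of the wiki is still served over plain http there, which is exactly the situation in which a cookie would otherwise be exposed. Minor style points: the commit message calls this a "--sslcookie switch" while the doc says "sslcookie option", so pick one form, and "If you do use https either for all of the wiki, or just the cgi access" reads better as "If you do use https, either for all of the wiki or just the cgi access".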