author: joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> 2006-08-27 20:25:05 +0000
committer: joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> 2006-08-27 20:25:05 +0000
commit: 4ad7c9d6257ca106b2949d22f6300823190991a0 (patch)
tree: 9752444cfa70b40ab32627e3feb44781e56f2771 /doc/security.mdwn
parent: 3ad4d93e33284ad6d51d2fa5f9abf1943b894d48 (diff)
* Patch from James Westby to add a --sslcookie switch, which forces
  cookies to only be sent over ssl connections to avoid interception.
* Factor out the cgi header printing code into a new function.
* Fix preferences page on anonok wikis; still need to sign in to get to
  the preferences page.
Diffstat (limited to 'doc/security.mdwn')
-rw-r--r-- doc/security.mdwn 4
1 files changed, 3 insertions, 1 deletions
diff --git a/doc/security.mdwn b/doc/security.mdwn
index dc763ef40..9d7702dde 100644
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -134,7 +134,9 @@ file not be world readable.
Login to the wiki involves sending a password in cleartext over the net.
Cracking the password only allows editing the wiki as that user though.
-If you care, you can use https, I suppose.
+If you care, you can use https, I suppose. If you do use https either for
+all of the wiki, or just the cgi access, then consider using the sslcookie
+option.
## XSS holes in CGI output
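Review bot: The added sentence ending "then consider using the sslcookie option" names the option but never says what it does, so a reader of security.mdwn who has not seen the commit message cannot tell why it matters. Suggest carrying the commit message's explanation into the doc, for example that sslcookie forces cookies to only be sent over ssl connections to avoid interception. The "just the cgi access" case is also worth a line on how the option behaves when the rest of the wiki is still served over plain http. Minor style point: "If you do use https either for all of the wiki, or just the cgi access" reads more cleanly with the comma moved to after "https" and dropped before "or".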