From 4f89d1f3cb043f8029e847d58ee6d0926288e7bb Mon Sep 17 00:00:00 2001 From: Martian Date: Wed, 22 Jun 2016 11:35:48 -0400 Subject: --- doc/setup/byhand/discussion.mdwn | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doc/setup/byhand/discussion.mdwn b/doc/setup/byhand/discussion.mdwn index 6fc931ad3..deb79a8db 100644 --- a/doc/setup/byhand/discussion.mdwn +++ b/doc/setup/byhand/discussion.mdwn @@ -18,3 +18,5 @@ One possible thing is security: Is it just a precaution or would anyone with "wr > to commit directly to the VCS, would be able to replace it. That breaks ikiwiki's > security model, because replacing the setup file is sufficient to achieve > arbitrary code execution as the user running the CGI and VCS hooks. --[[smcv]] + +>> Thanks. After all found it here: [[security]]. Now I wonder if I always use a file from the master branch, while limiting users to staging, it might fly... -- cgit v1.2.3