Index: openacs-4/packages/acs-core-docs/www/security-notes.html =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-core-docs/www/security-notes.html,v diff -u -r1.8.2.4 -r1.8.2.5 --- openacs-4/packages/acs-core-docs/www/security-notes.html 7 Apr 2003 16:59:26 -0000 1.8.2.4 +++ openacs-4/packages/acs-core-docs/www/security-notes.html 15 Apr 2003 17:03:03 -0000 1.8.2.5 @@ -1,13 +1,13 @@ -OpenACS 4 Security Notes

OpenACS 4 Security Notes

+OpenACS 4 Security Notes

OpenACS 4 Security Notes

by Richard Li
OpenACS docs are written by the named authors, but may be edited by OpenACS documentation staff.

The security system was designed for security. Thus, decisions requiring trade-offs between ease-of-use and security tend to result in a system that may not be as easy to use but is more secure. -

HTTPS and the sessions system

+

HTTPS and the sessions system

If a user switches to HTTPS after logging into the system via HTTP, the user must obtain a secure token. To insure security, the only way to @@ -56,4 +56,4 @@ The set of string match expressions in the procedure above should be extended appropriately for other registration pages. This procedure does not use ad_parameter or regular expressions for performance reasons, as -it is called by the request processor.

($Id$)
View comments on this page at openacs.org
+it is called by the request processor.

($Id$)
View comments on this page at openacs.org
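
Review bot: in the first hunk (@@ -1,13 +1,13 @@) the unchanged context line "To insure security, the only way to" should read "ensure", and since this revision already touches the neighbouring lines the fix could go in with it. The removed and added lines for the title and for the "HTTPS and the sessions system" heading show identical text, so the change appears to be markup-only. The commit message should say so, to save readers from looking for a content change.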
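
Review bot: in the second hunk (@@ -56,4 +56,4 @@) the footer "($Id$)" appears with the keyword unexpanded on both the removed and the added side, so as shown the page carries no revision identifier. If the footer is meant to identify the revision, check keyword expansion for this file; otherwise drop the literal. The one changed line, "it is called by the request processor.", has the same text on both sides, so this hunk also looks markup-only and the commit message should say so.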