Index: openacs-4/packages/acs-core-docs/www/security-notes.html =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-core-docs/www/security-notes.html,v diff -u -r1.9 -r1.10 --- openacs-4/packages/acs-core-docs/www/security-notes.html 28 Feb 2003 05:36:05 -0000 1.9 +++ openacs-4/packages/acs-core-docs/www/security-notes.html 24 Jun 2003 03:58:11 -0000 1.10 @@ -1,13 +1,13 @@ -OpenACS 4 Security Notes

OpenACS 4 Security Notes

+OpenACS 4 Security Notes

OpenACS 4 Security Notes

by Richard Li
- OpenACS docs are written by the named authors, but may be edited + OpenACS docs are written by the named authors, and may be edited by OpenACS documentation staff.

The security system was designed for security. Thus, decisions requiring trade-offs between ease-of-use and security tend to result in a system that may not be as easy to use but is more secure. -

HTTPS and the sessions system

+

HTTPS and the sessions system

If a user switches to HTTPS after logging into the system via HTTP, the user must obtain a secure token. To insure security, the only way to @@ -56,4 +56,4 @@ The set of string match expressions in the procedure above should be extended appropriately for other registration pages. This procedure does not use ad_parameter or regular expressions for performance reasons, as -it is called by the request processor.

($Id$)
View comments on this page at openacs.org
+it is called by the request processor.

($Id$)
View comments on this page at openacs.org
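Review bot: the context line at the end of the first hunk (@@ -1,13 +1,13 @@) reads "To insure security, the only way to"; the intended word is "ensure", and since this revision already touches the wording of the editorial note just above it ("but may be edited" becomes "and may be edited"), the typo is worth fixing in the same pass. The neighbouring sentence "The security system was designed for security." is circular and could state the actual design priority instead, which the following sentence already implies: security is preferred over ease of use when the two conflict.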
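Review bot: in the second hunk (@@ -56,4 +56,4 @@) the footer "($Id$)" shows the keyword unexpanded on both the removed and the added side, so as displayed the page carries no revision or date stamp. If the committed file really contains the literal "$Id$", check keyword substitution for this file so that readers of a security document can tell which revision they are looking at. The visible text of the removed and added lines in this hunk is otherwise identical ("it is called by the request processor."), so the commit message should say that the change is to markup only.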