Index: openacs-4/packages/acs-core-docs/www/security-notes.adp =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-core-docs/www/security-notes.adp,v diff -u -r1.4 -r1.5 --- openacs-4/packages/acs-core-docs/www/security-notes.adp 25 Apr 2018 08:38:28 -0000 1.4 +++ openacs-4/packages/acs-core-docs/www/security-notes.adp 3 Sep 2024 15:37:32 -0000 1.5 @@ -1,22 +1,29 @@ -{/doc/acs-core-docs {ACS Core Documentation}} {Security Notes} +{/doc/acs-core-docs/ {ACS Core Documentation}} {Security Notes} Security Notes +

-Security Notes

<authorblurb>

By Richard Li

</authorblurb>

The security system was designed for security. Thus, decisions +Security Notes

+

By Richard Li

+OpenACS docs are written by the named authors, and may be edited by +OpenACS documentation staff.

The security system was designed for security. Thus, decisions requiring trade-offs between ease-of-use and security tend to result in a system that may not be as easy to use but is more secure.

HTTPS and the sessions system

If a user switches to HTTPS after logging into the system via -HTTP, the user must obtain a secure token. To insure security, the +HTTP, the user must obtain a secure token. To ensure security, the only way to obtain a secure token in the security system is to authenticate yourself via password over an HTTPS connection. Thus, users may need to log on @@ -65,8 +72,8 @@

The set of string match expressions in the procedure above should be extended appropriately for other registration pages. This procedure does not use ad_parameter or regular expressions for -performance reasons, as it is called by the request processor.

($‌Id: security-notes.xml,v 1.7 2014/10/27 -16:39:32 victorg Exp $)

+performance reasons, as it is called by the request processor.

($‌Id: security-notes.xml,v 1.7.4.1 2021/09/02 +16:56:03 gustafn Exp $)
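Review bot: the "insure" to "ensure" correction in the HTTPS paragraph of the first hunk (@@ -1,22 +1,29 @@) is made here in the .adp, while the `$Id` footer of this page names security-notes.xml as the origin of the text. If the .adp is produced from that file, confirm the same correction is present there so it is not lost on the next regeneration. The same hunk also changes the breadcrumb target from /doc/acs-core-docs to /doc/acs-core-docs/ and replaces the <authorblurb> wrapper around "By Richard Li" with a generic sentence about documentation staff. Neither change is related to the spelling fix, so the log message should say where they come from.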
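Review bot: the second hunk (@@ -65,8 +72,8 @@) changes only the `$Id` footer, from revision 1.7 (2014/10/27, victorg) to 1.7.4.1 (2021/09/02, gustafn). That is a branch revision number with a date three years earlier than this 2024 commit, so please confirm it is the intended source revision. On the documentation side, the paragraph kept as context says the string match expressions "should be extended appropriately for other registration pages" but does not say what happens to a registration page that matches none of them. A sentence stating that default would help an administrator judge the risk of leaving a page off the list.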