You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@roller.apache.org by "David M. Johnson (Jira)" <ji...@apache.org> on 2023/02/05 20:49:00 UTC

[jira] [Commented] (ROL-2176) Document the security model

    [ https://issues.apache.org/jira/browse/ROL-2176?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17684347#comment-17684347 ] 

David M. Johnson commented on ROL-2176:
---------------------------------------

The installation does discuss this issue in the Install Guide under Securing Roller: [https://github.com/apache/roller/blob/roller-6.0.x/docs/roller-install-guide.adoc#2-securing-roller]

[~engelen]  Do you have suggestions for making this issue more clear?

> Document the security model
> ---------------------------
>
>                 Key: ROL-2176
>                 URL: https://issues.apache.org/jira/browse/ROL-2176
>             Project: Apache Roller
>          Issue Type: Wish
>          Components: Website and Documentation
>            Reporter: Arnout Engelen
>            Priority: Minor
>
> It would be nice to publish a page on the website or in the documentation describing the 'security model' of Roller, explaining both to operators and to security researchers what kind of behavior to expect.
> For example, this page could clarify that blog authenticated weblog admins are trusted and can use HTML and JavaScript without limitation in blog titles, entries and other places in the blog.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)