You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@roller.apache.org by "Arnout Engelen (Jira)" <ji...@apache.org> on 2022/11/15 10:32:00 UTC

[jira] [Created] (ROL-2176) Document the security model

Arnout Engelen created ROL-2176:
-----------------------------------

             Summary: Document the security model
                 Key: ROL-2176
                 URL: https://issues.apache.org/jira/browse/ROL-2176
             Project: Apache Roller
          Issue Type: Wish
          Components: Website and Documentation
            Reporter: Arnout Engelen


It would be nice to publish a page on the website or in the documentation describing the 'security model' of Roller, explaining both to operators and to security researchers what kind of behavior to expect.

For example, this page could clarify that blog authenticated weblog admins are trusted and can use HTML and JavaScript without limitation in blog titles, entries and other places in the blog.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)