You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@roller.apache.org by "Arnout Engelen (Jira)" <ji...@apache.org> on 2022/11/15 10:32:00 UTC
[jira] [Created] (ROL-2176) Document the security model
Arnout Engelen created ROL-2176:
-----------------------------------
Summary: Document the security model
Key: ROL-2176
URL: https://issues.apache.org/jira/browse/ROL-2176
Project: Apache Roller
Issue Type: Wish
Components: Website and Documentation
Reporter: Arnout Engelen
It would be nice to publish a page on the website or in the documentation describing the 'security model' of Roller, explaining both to operators and to security researchers what kind of behavior to expect.
For example, this page could clarify that blog authenticated weblog admins are trusted and can use HTML and JavaScript without limitation in blog titles, entries and other places in the blog.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)