Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Updated the Security-Audit page to better handle the change from the old https-login setting to the new redirect-to-https setting. |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA3-256: |
37918a1fa43949c30459ca5ad559ac14 |
| User & Date: | wyoung 2019-01-22 02:52:42 |
Context
|
2019-01-22
| ||
| 03:01 | Updated www/ssl.wiki to cover the new "Redirect to HTTPS" setting and to add recovery methods for the case where enabling it causes a redirect loop. (check-in: 226b14fc user: wyoung tags: trunk) | |
| 02:52 | Updated the Security-Audit page to better handle the change from the old https-login setting to the new redirect-to-https setting. (check-in: 37918a1f user: wyoung tags: trunk) | |
|
2019-01-21
| ||
| 20:07 | Update the built-in SQLite to the latest 3.27.0 alpha code. (check-in: 246f249e user: drh tags: trunk) | |
Changes
Changes to src/security_audit.c.
139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 |
@ </ul>
if( zPubPages && zPubPages[0] ){
@ <p>Change GLOB patterns exceptions using the "Public pages" setting
@ on the <a href="setup_access">Access Settings</a> page.</p>
}
}
/* Make sure the HTTPS is required for login, so that the password
** does not go across the internet in the clear.
*/
if( db_get_boolean("redirect-to-https",0)==0 ){
@ <li><p><b>WARNING:</b>
@ Login passwords can be sent over an unencrypted connection.
@ <p>Fix this by activating the "Redirect to HTTPS on the Login page"
@ setting on the <a href="setup_access">Access Control</a> page.
}
/* Anonymous users should not be able to harvest email addresses
** from tickets.
*/
if( hasAnyCap(zAnonCap, "e") ){
@ <li><p><b>WARNING:</b>
|
| | | | | > | > > |
139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 |
@ </ul>
if( zPubPages && zPubPages[0] ){
@ <p>Change GLOB patterns exceptions using the "Public pages" setting
@ on the <a href="setup_access">Access Settings</a> page.</p>
}
}
/* Make sure the HTTPS is required for login, at least, so that the
** password does not go across the Internet in the clear.
*/
if( db_get_int("redirect-to-https",0)==0 ){
@ <li><p><b>WARNING:</b>
@ Sensitive material such as login passwords can be sent over an
@ unencrypted connection.
@ <p>Fix this by changing the "Redirect to HTTPS" setting on the
@ <a href="setup_access">Access Control</a> page. If you were using
@ the old "Redirect to HTTPS on Login Page" setting, switch to the
@ new setting: it has a more secure implementation.
}
/* Anonymous users should not be able to harvest email addresses
** from tickets.
*/
if( hasAnyCap(zAnonCap, "e") ){
@ <li><p><b>WARNING:</b>
|