Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
Comment: | Updated the Security-Audit page to better handle the change from the old https-login setting to the new redirect-to-https setting. |
---|---|
Downloads: | Tarball | ZIP archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA3-256: |
37918a1fa43949c30459ca5ad559ac14 |
User & Date: | wyoung 2019-01-22 02:52:42.038 |
Context
2019-01-22
| ||
03:01 | Updated www/ssl.wiki to cover the new "Redirect to HTTPS" setting and to add recovery methods for the case where enabling it causes a redirect loop. ... (check-in: 226b14fc user: wyoung tags: trunk) | |
02:52 | Updated the Security-Audit page to better handle the change from the old https-login setting to the new redirect-to-https setting. ... (check-in: 37918a1f user: wyoung tags: trunk) | |
2019-01-21
| ||
20:07 | Update the built-in SQLite to the latest 3.27.0 alpha code. ... (check-in: 246f249e user: drh tags: trunk) | |
Changes
Changes to src/security_audit.c.
︙ | ︙ | |||
139 140 141 142 143 144 145 | @ </ul> if( zPubPages && zPubPages[0] ){ @ <p>Change GLOB patterns exceptions using the "Public pages" setting @ on the <a href="setup_access">Access Settings</a> page.</p> } } | | | | > | | | > > | 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 | @ </ul> if( zPubPages && zPubPages[0] ){ @ <p>Change GLOB patterns exceptions using the "Public pages" setting @ on the <a href="setup_access">Access Settings</a> page.</p> } } /* Make sure the HTTPS is required for login, at least, so that the ** password does not go across the Internet in the clear. */ if( db_get_int("redirect-to-https",0)==0 ){ @ <li><p><b>WARNING:</b> @ Sensitive material such as login passwords can be sent over an @ unencrypted connection. @ <p>Fix this by changing the "Redirect to HTTPS" setting on the @ <a href="setup_access">Access Control</a> page. If you were using @ the old "Redirect to HTTPS on Login Page" setting, switch to the @ new setting: it has a more secure implementation. } /* Anonymous users should not be able to harvest email addresses ** from tickets. */ if( hasAnyCap(zAnonCap, "e") ){ @ <li><p><b>WARNING:</b> |
︙ | ︙ |