summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--doc/security.mdwn8
1 files changed, 6 insertions, 2 deletions
diff --git a/doc/security.mdwn b/doc/security.mdwn
index 3c85f57de..e514223e3 100644
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -6,6 +6,8 @@ security issues with this program than with cat(1). If, however, you let
others edit pages in your wiki, then some possible security issues do need
to be kept in mind.
+----
+
# Probable holes
## XSS holes in CGI output
@@ -39,7 +41,7 @@ ikiwiki escapes any html in svn commit logs to prevent other mischief.
# Potential gotchas
-Things not to do.
+_(Things not to do.)_
## multiple accessors of wiki directory
@@ -72,7 +74,7 @@ they can try to use this to exploit your web server.
# Hopefully non-holes
-(AKA, the assumptions that will be the root of most security holes...)
+_(AKA, the assumptions that will be the root of most security holes...)_
## exploting ikiwiki with bad content
@@ -128,6 +130,8 @@ Login to the wiki involves sending a password in cleartext over the net.
Cracking the password only allows editing the wiki as that user though.
If you care, you can use https, I suppose.
+----
+
# Fixed holes
_(Unless otherwise noted, these were discovered and immediatey fixed by the