projects / ikiwiki / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d283e4c) | patch
doc: Document security issues involving LWP::UserAgent
authorSimon McVittie <smcv@debian.org>
Sun, 10 Feb 2019 16:56:41 +0000 (16:56 +0000)
committerSimon McVittie <smcv@debian.org>
Tue, 26 Feb 2019 22:21:31 +0000 (22:21 +0000)
commit9a275b2f1846d7268c71a740975447e269383849
tree0c832065045c67438ede85f237b93f77b74ecd2btree | snapshot
parentd283e4ca1aeb6ca8cc0951c8495f778071076013commit | diff
doc: Document security issues involving LWP::UserAgent

Recommend the LWPx::ParanoidAgent module where appropriate.
It is particularly important for openid, since unauthenticated users
can control which URLs that plugin will contact. Conversely, it is
non-critical for blogspam, since the URL to be contacted is under
the wiki administrator's control.

Signed-off-by: Simon McVittie <smcv@debian.org>
doc/plugins/aggregate.mdwn diff | blob | blame | history
doc/plugins/blogspam.mdwn diff | blob | blame | history
doc/plugins/openid.mdwn diff | blob | blame | history
doc/plugins/pinger.mdwn diff | blob | blame | history
doc/security.mdwn diff | blob | blame | history
doc/tips/using_a_proxy.mdwn [new file with mode: 0644] blob
Ikiwiki patches