-* Directories are protected using `.htaccess` files
-* Forms are protected against XSRF (Cross-site requests forgery):
- * Forms which act on data (save,delete…) contain a token generated by the server.
- * Any posted form which does not contain a valid token is rejected.
- * Any token can only be used once.
- * Tokens are attached to the session and cannot be reused in another session.
-* Sessions automatically expire after 60 minutes.
-* Sessions are protected against hijacking: the session ID cannot be used from a different IP address.
+- Directories are protected using `.htaccess` files
+- Forms are protected against XSRF (Cross-site requests forgery):
+ - Forms which act on data (save,delete…) contain a token generated by the server.
+ - Any posted form which does not contain a valid token is rejected.
+ - Any token can only be used once.
+ - Tokens are attached to the session and cannot be reused in another session.
+- Sessions automatically expire after 60 minutes.
+- Sessions are protected against hijacking: the session ID cannot be used from a different IP address.
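Review bot: The four sub-items under the XSRF bullet are indented by a single space (` - Forms which act on data`), and CommonMark parsers treat that as siblings of the top-level items rather than a nested list. Indent them by at least two spaces so the token rules stay grouped under the XSRF entry when rendered. Since every line in this list is being rewritten anyway, the same change could fix "Cross-site requests forgery" to "Cross-site request forgery" and add the missing space in "save,delete…".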