aboutsummaryrefslogtreecommitdiffhomepage
path: root/doc/md/Security.md
diff options
context:
space:
mode:
authorVirtualTam <virtualtam+github@flibidi.net>2017-08-27 13:10:05 +0200
committerGitHub <noreply@github.com>2017-08-27 13:10:05 +0200
commit5941c4216d804da5dfec9eeafa676105576bd0d1 (patch)
treea9a2ce57072e73e01dba47649fcc64150ee8b16b /doc/md/Security.md
parentde901736a663934c1b67f09f1d586da665f0f036 (diff)
parenta544b113f203d3359db51cf886f5aab98605624c (diff)
downloadShaarli-5941c4216d804da5dfec9eeafa676105576bd0d1.tar.gz
Shaarli-5941c4216d804da5dfec9eeafa676105576bd0d1.tar.zst
Shaarli-5941c4216d804da5dfec9eeafa676105576bd0d1.zip
Merge pull request #946 from thewilli/clean
small code cleanup
Diffstat (limited to 'doc/md/Security.md')
-rw-r--r--doc/md/Security.md3
1 files changed, 0 insertions, 3 deletions
diff --git a/doc/md/Security.md b/doc/md/Security.md
index 36f629af..65db4225 100644
--- a/doc/md/Security.md
+++ b/doc/md/Security.md
@@ -1,9 +1,6 @@
1## Client browser 1## Client browser
2- Shaarli relies on `HTTP_REFERER` for some functions (like redirects and clicking on tags). If you have disabled or masqueraded `HTTP_REFERER` in your browser, some features of Shaarli may not work 2- Shaarli relies on `HTTP_REFERER` for some functions (like redirects and clicking on tags). If you have disabled or masqueraded `HTTP_REFERER` in your browser, some features of Shaarli may not work
3 3
4## PHP
5- `magic_quotes` is an horrible option of PHP which is often activated on servers. No serious developer should rely on this horror to secure their code against SQL injections. You should disable it (and Shaarli expects this option to be disabled). Nevertheless, I have added code to cope with `magic_quotes` on, so you should not be bothered even on crappy hosts.
6
7## Server and sessions 4## Server and sessions
8- Directories are protected using `.htaccess` files 5- Directories are protected using `.htaccess` files
9- Forms are protected against XSRF (Cross-site requests forgery): 6- Forms are protected against XSRF (Cross-site requests forgery):