[
https://issues.apache.org/jira/browse/ROL-2176?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17684347#comment-17684347
]
David M. Johnson commented on ROL-2176:
---------------------------------------
The installation does discuss this issue in the Install Guide under Securing
Roller:

[https://github.com/apache/roller/blob/roller-6.0.x/docs/roller-install-guide.adoc#2-securing-roller]

[~engelen] Do you have suggestions for making this issue more clear?

> Document the security model
> ---------------------------
>
> Key: ROL-2176
> URL: https://issues.apache.org/jira/browse/ROL-2176
> Project: Apache Roller
> Issue Type: Wish
> Components: Website and Documentation
> Reporter: Arnout Engelen
> Priority: Minor
>
> It would be nice to publish a page on the website or in the documentation
> describing the 'security model' of Roller, explaining both to operators and
> to security researchers what kind of behavior to expect.
> For example, this page could clarify that blog authenticated weblog admins
> are trusted and can use HTML and JavaScript without limitation in blog
> titles, entries and other places in the blog.