This is an automated email from the ASF dual-hosted git repository.
snoopdave pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/roller.git
The following commit(s) were added to refs/heads/master by this push:
new 308bcf868 Safer defaults for trust-users and file uploads, plus
install guide changes.
308bcf868 is described below
commit 308bcf868c0a5bce9e1683c807ea43f10c3dc30e
Author: David M. Johnson <[email protected]>
AuthorDate: Sun Sep 8 16:18:48 2024 -0400
Safer defaults for trust-users and file uploads, plus install guide changes.
---
.../roller/weblogger/config/roller.properties | 3 ++
.../roller/weblogger/config/runtimeConfigDefs.xml | 4 +-
docs/roller-install-guide.adoc | 51 ++++++++++++----------
3 files changed, 33 insertions(+), 25 deletions(-)
diff --git
a/app/src/main/resources/org/apache/roller/weblogger/config/roller.properties
b/app/src/main/resources/org/apache/roller/weblogger/config/roller.properties
index 2d439eaa8..119bd9a78 100644
---
a/app/src/main/resources/org/apache/roller/weblogger/config/roller.properties
+++
b/app/src/main/resources/org/apache/roller/weblogger/config/roller.properties
@@ -342,6 +342,9 @@ authentication.method=db
# Enables HTTPS for login page only
securelogin.enabled=false
+# With this settings, all users will have HTML posts sanitized.
+weblogAdminsUntrusted=true
+
# Empty value used for passphrase in roller_user table when LDAP or CMA used;
# openid presently generates a random (long) password string instead.
users.passwords.externalAuthValue=<externalAuth>
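Review bot: The added comment above weblogAdminsUntrusted=true reads "With this settings" (should be "With this setting") and does not say what a value of false does or where an operator should override it. Because this file now ships the property as true, consider wording such as "When true, HTML in posts is sanitized for all users; override in roller-custom.properties", so that a site which depended on the previous behaviour knows how to opt out after upgrading.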
diff --git
a/app/src/main/resources/org/apache/roller/weblogger/config/runtimeConfigDefs.xml
b/app/src/main/resources/org/apache/roller/weblogger/config/runtimeConfigDefs.xml
index f67b65c04..007117033 100644
---
a/app/src/main/resources/org/apache/roller/weblogger/config/runtimeConfigDefs.xml
+++
b/app/src/main/resources/org/apache/roller/weblogger/config/runtimeConfigDefs.xml
@@ -199,7 +199,7 @@
<property-def name="uploads.enabled"
key="configForm.enableFileUploads">
<type>boolean</type>
- <default-value>true</default-value>
+ <default-value>false</default-value>
</property-def>
<property-def name="uploads.types.allowed"
key="configForm.allowedExtensions">
<type>string</type>
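Review bot: The uploads.enabled default-value flips to false here, but nothing in the hunk indicates what happens on a site that already has a stored value for this property. Please state in the commit message or upgrade notes whether existing installations keep their current setting or pick up the new default. It would also help to point administrators at uploads.types.allowed, defined just below, as the setting to review before they turn uploads back on.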
@@ -230,7 +230,7 @@
</property-def>
<property-def name="themes.customtheme.allowed"
key="configForm.allowCustomTheme">
<type>boolean</type>
- <default-value>true</default-value>
+ <default-value>false</default-value>
</property-def>
</display-group>
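Review bot: The themes.customtheme.allowed default also changes to false in this hunk, yet the commit subject only names trust-users and file uploads. Custom themes are called out in the install guide changes as something that "can be used to compromise your site", so this default change deserves its own mention in the commit message and release notes; otherwise an operator who expects custom themes on a new install has no record of why the option is off.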
diff --git a/docs/roller-install-guide.adoc b/docs/roller-install-guide.adoc
index 5b9381ec5..c89c04c2b 100644
--- a/docs/roller-install-guide.adoc
+++ b/docs/roller-install-guide.adoc
@@ -42,29 +42,34 @@ some recommendations for keeping your Roller installation
secure:
* *Perform Roller installation on a secure network*. When you are
installing Roller it is possible for other users to interfere with your
installation. If other users have access to the server, one of them
-could create the admin account before you do. So, when you install
-Roller, do so on a server that cannot be accessed by others.
-* *Do not allow open registration of new users*. Roller can offer a
-registration link so that new users can register themselves, but this
-feature is turned off because it is not safe to allow just anybody to
-register for an account on your blog server. If you want to turn it on,
-login as an administrative user, go to Roller’s Server Administration
-page and enable the *Allow New Users* option.
-* *Enable HTML Sanitization*. If you cannot trust the webloggers who
-will use your Roller site to author HTML, then you should configure
-Roller to sanitize all HTML published by the system. Do this by setting
-the _weblogAdminsUntrusted=true_ property in your
-_roller-custom.properties_ file.
-* *Do not allow File Uploads*. By default Roller allows users to upload
-files for display on their blogs. If don't trust your users, this is unsafe
-and you should disable File Uploads via the Server Administration page.
-* *Do not allow HTML in comments*. Roller can allow users to write
-comments in a safe-subset of HTML, but HTML use in comments is not
-allowed at all because of security concerns with even a so called
-safe-subset of HTML. If you want to turn it on, login as an
-administrative user, go to Roller’s Server Administration page, enable
-the *Allow html in comments* option and make sure the *HTML Subset
-Restriction* box is checked.
+could attempt to access the Roller database or files while you are
+installing Roller. To prevent this, install Roller on a secure network
+or at a time when other users are not using the server.
+
+* *Do not allow new user registrations*. By default, Roller allows new
+users to register themselves. This is convenient, but it also means that
+anyone can create an account on your Roller site. If you do not want
+this, go to the Server Administration page and disable the *Allow New
+Users* option.
+
+* *Sanitize all HTML*. By default, Roller sanitizes all HTML published by the
system to ensure that user posts are safe and free from malicious content. This
is controlled by the _weblogAdminsUntrusted=true_ property in your
_roller-custom.properties_ file.
+
+* *Do not allow custom themes*. By default, Roller does not allow users to
+create custom themes. You can enable this via the Server Admin page, but
+don't do it unless you trust your users because it can allow users to
+create custom themes that can be used to compromise your site.
+
+* *Do not allow File Uploads*. By default, Roller does not allow users to
upload
+files for display on their blogs. If you trust your users, then you can enable
+file uploads via the Server Admin page.
+
+* *Do not allow HTML in comments*. By default, Roller does not allow users to
write
+comments in HTML due to security concerns. This setting helps prevent potential
+security issues related to HTML content in comments.
+
+By following these recommendations, you can help ensure that your Roller
+installation remains secure and protected from common web vulnerabilities.
+
* *Run Roller over SSL connection*. If you run Roller over a plain old
HTTP connection, it is possible for others to snoop your password when
you login, for example over an open WIFI network. To configure Roller to
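Review bot: The rewritten registration bullet says "By default, Roller allows new users to register themselves", while the text it replaces said the feature "is turned off", and no file in this commit changes a registration default. One of the two statements is wrong, so please check the shipped default and make the bullet match it. Two smaller points in the same hunk: the closing paragraph "By following these recommendations..." is inserted before the "Run Roller over SSL connection" bullet and so splits the list, and the removed warning that another user "could create the admin account before you do" is the concrete risk behind the first bullet and is worth keeping alongside the new wording.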