Hanfei,
I'd be happy to take a look at the report and share it with the rest of the
team if you'd like to send it directly to me.
Regarding SSL, this is definitely something that you can set up for your own
instance, see the documentation for configuring proxies on the wiki
Hello Galaxy-team,
A galaxy instance is being hold on our server.
But last week, an expert in security makes some tests on our server. He warned
us that the user creation and login script can be injected with executable
javascript in Galaxy, which may make our server vulnerable.
He gives us