Rev 635 | Rev 642 | ||
---|---|---|---|
Line 5... | Line 5... | ||
5 | - Default language selection: Either always en-US, or automatical selection depending on browser language, or depending on admin setting (e.g. german companies offer a german repository by default)? |
5 | - Default language selection: Either always en-US, or automatical selection depending on browser language, or depending on admin setting (e.g. german companies offer a german repository by default)? |
6 | - BCrypt |
6 | - BCrypt |
7 | Make #rounds and length of admin password configurable (pre-baseconfig?) |
7 | Make #rounds and length of admin password configurable (pre-baseconfig?) |
8 | Include dev/bcrypt_cost_calculator somewhere in the configuration page? |
8 | Include dev/bcrypt_cost_calculator somewhere in the configuration page? |
9 | ... At least give a hint to the documentation, so they know how to run the tool and how to enter the cost in the configuration (for RA and Admin) |
9 | ... At least give a hint to the documentation, so they know how to run the tool and how to enter the cost in the configuration (for RA and Admin) |
10 | - SVN: XML and JS files are sometimes marked as binary, because they have the mime type "application". We need to undo that! |
- | |
11 | 10 | ||
12 | SECURITY Improvements: |
11 | SECURITY Improvements: |
13 | - Small security issue: A visitor can check which plugins are installed by either entering a "goto" command (e.g. "oidplus:vnag_version_check") |
12 | - Small security issue: A visitor can check which plugins are installed by either entering a "goto" command (e.g. "oidplus:vnag_version_check") |
14 | and see which error message appears, or they could try to enter "plugin/adminPages/..." using the web browser and see if the result is HTTP 200 or HTTP 404. |
13 | and see which error message appears, or they could try to enter "plugin/adminPages/..." using the web browser and see if the result is HTTP 200 or HTTP 404. |
15 | 14 |
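Review bot: Old line 10, the SVN item about XML and JS files being marked as binary because of their "application" mime type, is removed with nothing in the visible lines indicating whether the mime-type problem was actually corrected or the item was simply dropped. If it was fixed, state that in the log message; if not, keep the entry so it stays tracked. Since this block is being edited anyway, "automatical" on line 5 should read "automatic" and "german" should be capitalized.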