diff doc/customizing.txt @ 7094:570abc4c6548

Improve documentation on access to templates and static_files.
author John Rouillard <rouilj@ieee.org>
date Wed, 30 Nov 2022 02:22:21 -0500
parents ff2c8b430738
children 519fb6dca72b
--- a/doc/customizing.txt	Wed Nov 30 02:09:16 2022 -0500
+++ b/doc/customizing.txt	Wed Nov 30 02:22:21 2022 -0500
@@ -2309,6 +2309,16 @@
 See the previous section `determining web context`_ where it describes
 ``@@file`` paths.
 
+These files are served without any permission checks. Any user on the
+internet with the url can download the file.
+
+This is rarely an issue since the html templates are just source code
+and much of it can be found in the Roundup repository. Other
+decoration (logos, stylesheets) are similarly not security sensitive.
+You can use the static_files setting in config.ini to eliminate
+access to the templates directory if desired.
+
+If a file resolves to a symbolic link, it is not served.
 
 Performing actions in web requests
 ----------------------------------
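Review bot: The sentence "You can use the static_files setting in config.ini to eliminate access to the templates directory if desired" names the setting but does not say what value achieves this or where the setting is documented. A cross reference in the same style as the `determining web context`_ link just above would let an admin act on it. Because the first added paragraph says these files are served without any permission checks, it would also help to state directly that nothing sensitive should be placed in a directory served through ``@@file``, rather than only noting that exposure is rarely an issue. The symbolic link sentence could say what the client receives when a link is refused, so admins can recognize that case when debugging a missing file. Minor wording: "Other decoration (logos, stylesheets) are" should read "is", and "url" should be "URL".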

Roundup Issue Tracker: http://roundup-tracker.org/