This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ofbiz-site.git


The following commit(s) were added to refs/heads/master by this push:
     new 991a443  Improved: clarify the vocabulary used
991a443 is described below

commit 991a443f740ae7adc996d1b1442f093eb4700051
Author: Jacques Le Roux <jacques.le.r...@les7arts.com>
AuthorDate: Wed Aug 28 10:35:47 2024 +0200

    Improved: clarify the vocabulary used
    
    Fixes the mention of CSRF: pre-authN attacks are concerned, not post-authN ones.
    
    This uses 2 links that help understand the vocabulary.
    I hope the 1st link will last...
---
 security.html                  | 10 +++++++++-
 template/page/security.tpl.php | 10 +++++++++-
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/security.html b/security.html
index 0e5d546..7526b47 100644
--- a/security.html
+++ b/security.html
@@ -129,7 +129,15 @@
             <a 
href="https://nightlies.apache.org/ofbiz/trunk/readme/html5/README.html#security";
 target="external"> we highly suggest to OFBiz users to not use credentials 
demo in production</a>
              and we expect OFBiz users to do so.
             <a 
href="https://cwiki.apache.org/confluence/display/OFBIZ/Keeping+OFBiz+secure"; 
target="external"> We also warn our users on the "Keeping OFBiz secure wiki 
page".</a>
-            And finally, mostly we reject post-authN vulnerabilities because 
we have a solid CSRF defense.</p>
+             And we finally reject pre-authN vulnerabilities because we have a 
solid CSRF defense.
+            </p>
+            <p>
+            To clarify the vocabulary used above here are 2 links:
+            <ul class="iconsList">
+                <li><i class="icon-pin"></i><a 
href="www.scmagazine.com/resource/what-are-post-authentication-attacks-and-how-to-protect-against-them">pre-authN
 vs post-authN</a></li>
+                <li><i class="icon-pin"></i><a 
href="cwe.mitre.org/data/definitions/863.html#ocimg_863_Alternate_Terms">authN 
vs authZ</a></li>
+            </ul>
+            </p>
 
             <h3>List of Known Vulnerabilities</h3>
             <ul class="iconsList">
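Review bot: the two new `href` values have no scheme (`href="www.scmagazine.com/..."` and `href="cwe.mitre.org/..."`), so browsers resolve them relative to the current page and the links will 404 on the site; prefix both with `https://`. Two further points on the same hunk. First, the `<ul>` is nested directly inside `<p>`, which is not valid HTML: the parser implicitly closes the `<p>` when it meets `<ul>`, leaving the trailing `</p>` stray; close the paragraph after "here are 2 links:" and drop the `</p>` after `</ul>`. Second, the wording change from "post-authN" to "pre-authN" reads inverted: a CSRF attack rides on a victim's already-authenticated session, so a CSRF defense addresses post-authentication requests, which is what the removed line said; please double-check the intended meaning before the text goes live. Minor: the existing links in this paragraph carry `target="external"`, the two new ones do not.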
diff --git a/template/page/security.tpl.php b/template/page/security.tpl.php
index 02e3fd2..45e88a5 100644
--- a/template/page/security.tpl.php
+++ b/template/page/security.tpl.php
@@ -30,7 +30,15 @@
             <a 
href="https://nightlies.apache.org/ofbiz/trunk/readme/html5/README.html#security";
 target="external"> we highly suggest to OFBiz users to not use credentials 
demo in production</a>
              and we expect OFBiz users to do so.
             <a 
href="https://cwiki.apache.org/confluence/display/OFBIZ/Keeping+OFBiz+secure"; 
target="external"> We also warn our users on the "Keeping OFBiz secure wiki 
page".</a>
-            And finally, mostly we reject post-authN vulnerabilities because 
we have a solid CSRF defense.</p>
+             And we finally reject pre-authN vulnerabilities because we have a 
solid CSRF defense.
+            </p>
+            <p>
+            To clarify the vocabulary used above here are 2 links:
+            <ul class="iconsList">
+                <li><i class="icon-pin"></i><a 
href="www.scmagazine.com/resource/what-are-post-authentication-attacks-and-how-to-protect-against-them">pre-authN
 vs post-authN</a></li>
+                <li><i class="icon-pin"></i><a 
href="cwe.mitre.org/data/definitions/863.html#ocimg_863_Alternate_Terms">authN 
vs authZ</a></li>
+            </ul>
+            </p>
 
             <h3>List of Known Vulnerabilities</h3>
             <ul class="iconsList">
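Review bot: this hunk duplicates the security.html change verbatim, so the same three issues apply here: the scheme-less `href="www.scmagazine.com/..."` and `href="cwe.mitre.org/..."` resolve as relative paths and need `https://`, the `<ul>` inside `<p>` leaves a stray `</p>` after the browser auto-closes the paragraph, and the "pre-authN ... because we have a solid CSRF defense" sentence still needs the pre/post wording confirmed since CSRF targets authenticated sessions. Since this is the template the HTML is generated from, fix it here and regenerate security.html rather than patching both by hand.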
