This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ofbiz-site.git
The following commit(s) were added to refs/heads/master by this push:
new b9d887b Improved: formatting (you don't see the same thing locally )
b9d887b is described below
commit b9d887bec29ebadc9b32d667bf1b197fb39f41c4
Author: Jacques Le Roux <[email protected]>
AuthorDate: Sun Sep 7 09:41:01 2025 +0200
Improved: formatting (you don't see the same thing locally )
---
template/page/security.tpl.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/template/page/security.tpl.php b/template/page/security.tpl.php
index ada504e..d8351cb 100644
--- a/template/page/security.tpl.php
+++ b/template/page/security.tpl.php
@@ -21,7 +21,7 @@
<div class="divider"><span></span></div>
<a
href="//cwiki.apache.org/confluence/display/OFBIZ/OFBiz+Security+Permissions"
target="external">OFBiz Security Model : Permissions and related.</a> Be sure
to read the children pages in the left part of screen.<br>
<a
href="//cwiki.apache.org/confluence/display/OFBIZ/Keeping+OFBiz+secure"
target="external">Keeping OFBiz secure.</a> To keep your OFBiz instance secure
from exploits.
- <p></p>
+ <p> </p>
<p><strong>All system privileges, including access to potentially
vulnerable operations, are granted to administrators</strong>. Even if we
assume that administrators don't attack their own websites, it's essential to
exercise extra care when granting administrator privileges.
Therefore, if a security breach occurs on the
administration page (webtools), it's generally not perceived as a problem. The
administrator holds the power. Unless an ordinary user manages to overstep
their bounds and act beyond their authority.
So in the webtools page we only accept vulnerabilities
when using a not administrator credential.
