[Using Sakai] Anti-Samy filering: on or off

Matthew Jones matthew at longsight.com
Mon Feb 9 09:28:46 PST 2015 

That might be a question too, what setting are people using? The only
difference between the two configurations is that high has a hard-coded
"trusted" list of sites that content is allowed to be embedded from. But
this list hasn't changed in the default configuration for over a year and a
half.

So either nobody is using the high or the list is perfect as-is. :)

On Mon, Feb 9, 2015 at 12:08 PM, Neal Caidin <neal.caidin at apereo.org> wrote:

> Don't forget that there is a High setting and a Low setting and both of
> these are configurable. So hopefully you would be able to start with one of
> those (high is recommended) and then get it to work optimally for your
> institution, taking into account security risks for being less restrictive.
>
> -- Neal
>
>
> On Mon, Feb 9, 2015 at 11:39 AM, Sam Ottenhoff <ottenhoff at longsight.com>
> wrote:
>
>> The only justification for turning HTML filtering off would be that you
>> have complete trust in all of your users and that only authorized users are
>> able to post content to your Sakai instance.  Maybe your instance is used
>> by a small group of professional collaborators and worrying about a user
>> modifying grade information via XSS attacks doesn't apply.
>>
>>
>> On Mon, Feb 9, 2015 at 11:34 AM, Adam Marshall <adam.marshall at it.ox.ac.uk
>> > wrote:
>>
>>> Does anybody here not have Anti-Samy filtering turned on? If so how are
>>> you justifying this (you can reply off-list if you like).
>>>
>>> adam
>>>
>>> --
>>>
>>> ** Note change of email address to adam.marshall at it.ox.ac.uk **
>>>
>>> Dr A C Marshall, WebLearn Service Manager, University of Oxford.
>>> IT Services, 13 Banbury Rd, Oxford. OX2 6NN.
>>>
>>>
>>>
>>> _______________________________________________
>>> sakai-user mailing list
>>> sakai-user at collab.sakaiproject.org
>>> http://collab.sakaiproject.org/mailman/listinfo/sakai-user
>>>
>>> TO UNSUBSCRIBE: send email to
>>> sakai-user-unsubscribe at collab.sakaiproject.org with a subject of
>>> "unsubscribe"
>>>
>>
>>
>> _______________________________________________
>> sakai-user mailing list
>> sakai-user at collab.sakaiproject.org
>> http://collab.sakaiproject.org/mailman/listinfo/sakai-user
>>
>> TO UNSUBSCRIBE: send email to
>> sakai-user-unsubscribe at collab.sakaiproject.org with a subject of
>> "unsubscribe"
>>
>
>
> _______________________________________________
> sakai-user mailing list
> sakai-user at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai-user
>
> TO UNSUBSCRIBE: send email to
> sakai-user-unsubscribe at collab.sakaiproject.org with a subject of
> "unsubscribe"
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai-user/attachments/20150209/8bbf7e5d/attachment.html

More information about the sakai-user mailing list