[sakai2-tcc] Fwd: [Deploying Sakai] Reg: Sakai 2.8.2 Allow HTML in all sites
Matthew Jones
matthew at longsight.com
Mon Oct 15 11:27:58 PDT 2012
It seems like with the default either way there should have been a warning.
It looks like adding this setting was prior to the forming of the TCC and
there was about equal opinion on both sides back then. With the release so
close I'd be inclined to leave the setting 'as-is" and not be a blocker for
the release, but would be happy to have it up for vote.
I'm not sure if anyone would even look or notice the logs even if we put a
warning in there but:
- If it was set to true (forcing downloads) then there should be a warning
that this was enabled and all content from resources would be forced to
download by default.
- If it was set to false then the system could potentially be subject to
XSS attacks and other security risks if users uploaded content which
contained script.
KNL-640 (Being able to host content on a separate domain) would help to the
case of this being false, and this option wasn't available prior to 2.9.
However this requires extra setup, though I'd consider it advisable for
most big schools to work toward implementing. This option will be
documented in the 2.9 release notes with a mention back to the force
download option.
On Mon, Oct 15, 2012 at 2:11 PM, Charles Severance <csev at umich.edu> wrote:
> I suggest we change this default back in 2.9.0 so we don't have to answer
> this question one million times.
>
> Lets fix the default but then add a log message with a warning and the
> feature that comes up until you explicitly add the line to properties one
> way or another.
>
> /Chuck
>
> Begin forwarded message:
>
> *From: *John Bush <john.bush at rsmart.com>
> *Subject: **Re: [Deploying Sakai] Reg: Sakai 2.8.2 Allow HTML in all sites
> *
> *Date: *October 15, 2012 2:05:52 PM EDT
> *To: *prabhu <prabhu142003 at gmail.com>
> *Cc: *production at collab.sakaiproject.org, Naim Syed <naimsyed at hotmail.com>
>
> content.html.forcedownload=false
>
> On Mon, Oct 15, 2012 at 9:28 AM, prabhu <prabhu142003 at gmail.com> wrote:
>
> Hi,
>
> I have migrated from sakai 2.8.0 to sakai 2.8.2. When I login into
>
> Sakai, I am getting a prompt asking me to save or open file with filename
> as
>
> gatewaywelcome. How to declare the global setting to accept HTML files,
>
> instead of changing the setting in each and every site manually.
>
>
> --
>
>
> -----------------------------------------------------------------------------------------------------------------------------------------------
>
>
> Regards:
>
>
> Prabhu Janakaraj,
>
> Consultant Linux and Networking - Training and Deployment,
>
>
>
>
> _______________________________________________
>
> production mailing list
>
> production at collab.sakaiproject.org
>
> http://collab.sakaiproject.org/mailman/listinfo/production
>
>
> TO UNSUBSCRIBE: send email to
> production-unsubscribe at collab.sakaiproject.org
>
> with a subject of "unsubscribe"
>
>
>
>
> --
> John Bush
> 602-490-0470
> _______________________________________________
> production mailing list
> production at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/production
>
> TO UNSUBSCRIBE: send email to
> production-unsubscribe at collab.sakaiproject.org with a subject of
> "unsubscribe"
>
>
>
> _______________________________________________
> sakai2-tcc mailing list
> sakai2-tcc at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai2-tcc
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai2-tcc/attachments/20121015/59c90c77/attachment.html
More information about the sakai2-tcc
mailing list