frepple-doc-0.8.1-3.fc15.noarch.rpm

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
  <meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
  <title>Frepple / Security </title>
  <link rel='stylesheet' href='../styles.css' type='text/css' />
  <!--PageHeaderFmt-->  
</head>
<body>
<div id="container">


<div id="content">
<br/>
<!--PageText-->
<div id='wikitext'>
<p class='vspace'>When frePPLe is used in a networked multi-user environment, security is very important.<br />The frePPLe C++ code is developed with security in mind.
</p>
<p class='vspace'>Here are some notes and considerations on this topic:
</p>
<div class='vspace'></div><ul><li>FrePPLe can validate incoming XML data against an XML schema. Invalid data is rejected and an error message is generated.<br />The XML schema files frepple.xsd and frepple_core.xsd define the valid structures.<br />When integrating frePPLe with other systems, it is strongly recommended to validate the incoming XML data against a small and well-controlled subset of the default XML schema.
<div class='vspace'></div></li><li>The Python XML processing instruction allows execution of arbitrary Python statements with the privileges of the user running the frePPLe executable.<br />While this allows maximum flexibility for configuring and customizing frePPLe, it also creates an open door to your system. Access to this command should be restricted, and/or frePPLe should be run under a user account with limited privileges.
<div class='vspace'></div></li><li>When using Django, note that its standard web authentication mechanism is relatively weak.<br />In secure environments, consider using HTTPS and plugging in a different authentication mechanism.
</li></ul>
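<p class='vspace'>One way to restrict access to the Python processing instruction for data arriving from other systems is a pre-filter in front of frePPLe. The sketch below is an added example, not part of frePPLe: it rejects any processing instruction, any DOCTYPE declaration and any element outside an allow-list. The function names, the allow-list contents and the sample documents are assumptions made for this example, and the filter complements XML schema validation rather than replacing it.
</p>

```python
import xml.parsers.expat

# Constructed allow-list for this example; not taken from frepple.xsd.
ALLOWED_ELEMENTS = {"plan", "items", "item", "description"}


class RejectedInput(Exception):
    """Raised when a document must not be passed on to the planner."""


def check_incoming_xml(data: bytes) -> None:
    """Raise RejectedInput unless data is well-formed, has no processing
    instruction or DOCTYPE, and uses only allow-listed elements."""
    parser = xml.parsers.expat.ParserCreate()

    def on_pi(target, _data):
        # Covers the python processing instruction and any other target.
        raise RejectedInput(f"processing instruction not allowed: {target}")

    def on_doctype(name, sysid, pubid, has_internal_subset):
        # No DTD means no entity definitions and no external references.
        raise RejectedInput("DOCTYPE declaration not allowed")

    def on_start(name, attrs):
        if name not in ALLOWED_ELEMENTS:
            raise RejectedInput(f"element not in allow-list: {name}")

    parser.ProcessingInstructionHandler = on_pi
    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = on_start
    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError as exc:
        raise RejectedInput(f"not well-formed: {exc}") from exc


def is_acceptable(data: bytes) -> bool:
    try:
        check_incoming_xml(data)
        return True
    except RejectedInput:
        return False


# Constructed sample documents.
GOOD = b'<plan><items><item name="chair"><description>x</description></item></items></plan>'
WITH_PI = b'<plan><?python print("hello") ?><items/></plan>'
WITH_DTD = b'<!DOCTYPE plan [<!ENTITY e "x">]><plan/>'
UNKNOWN = b'<plan><unexpected/></plan>'
```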
</div>

<!--PageFooterFmt-->
<!--HTMLFooter-->
</div></div>
</body>
</html>