This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ofbiz-site.git
The following commit(s) were added to refs/heads/master by this push:
new 761bce3 Improved: formatting (you don't see the same thing locally )
761bce3 is described below
commit 761bce3bae30ac3ebc62542caf25e96cc384de1b
Author: Jacques Le Roux <jacques.le.r...@les7arts.com>
AuthorDate: Sun Sep 7 09:42:26 2025 +0200
Improved: formatting (you don't see the same thing locally )
---
security.html | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/security.html b/security.html
index 6c1809b..bc797ed 100644
--- a/security.html
+++ b/security.html
@@ -119,8 +119,8 @@
<h2>OFBiz Security</h2>
<div class="divider"><span></span></div>
<a
href="//cwiki.apache.org/confluence/display/OFBIZ/OFBiz+Security+Permissions"
target="external">OFBiz Security Model : Permissions and related.</a> Be sure
to read the children pages in the left part of screen.<br>
- <a
href="//cwiki.apache.org/confluence/display/OFBIZ/Keeping+OFBiz+secure"
target="external">Keeping OFBiz secure.</a> To keep your OFBiz instance secure
from exploits.<br>
-
+ <a
href="//cwiki.apache.org/confluence/display/OFBIZ/Keeping+OFBiz+secure"
target="external">Keeping OFBiz secure.</a> To keep your OFBiz instance secure
from exploits.
+ <p> </p>
<p><strong>All system privileges, including access to potentially
vulnerable operations, are granted to administrators</strong>. Even if we
assume that administrators don't attack their own websites, it's essential to
exercise extra care when granting administrator privileges.
Therefore, if a security breach occurs on the
administration page (webtools), it's generally not perceived as a problem. The
administrator holds the power. Unless an ordinary user manages to overstep
their bounds and act beyond their authority.
So in the webtools page we only accept vulnerabilities
when using a not administrator credential.
