A galaxy instance is being hold on our server.
But last week, an expert in security makes some tests on our server. He warned
us that the user creation and login script can be injected with executable
He gives us a report of 3 pages (other issues including Non-SSL Password and
cookie of Galaxy).
We don't know whether it's serious and whether we need to fix these issues
Is Galaxy going to update for issues? Or we need to modify them ourselves? Any
suggestion is appreciated.
Sent with Sparrow (http://www.sparrowmailapp.com/?sig)
Please keep all replies on the list by using "reply all"
in your mail client. To manage your subscriptions to this
and other Galaxy lists, please use the interface at: