Hello Galaxy-team, 

A Galaxy instance is being hosted on our server. 
But last week, a security expert ran some tests on our server. He warned 
us that the user creation and login script can be injected with executable 
JavaScript in Galaxy, which may make our server vulnerable.

He gave us a report of 3 pages (other issues include non-SSL password and 
cookie of Galaxy). 
We don't know whether it's serious and whether we need to fix these issues 
immediately. 
Is Galaxy going to be updated for these issues? Or do we need to modify them ourselves? Any 
suggestions are appreciated.
Thanks!


-- 
Hanfei Sun

___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:

  http://lists.bx.psu.edu/